skip to main content
ICE-Kubespray Installation > Appendix B: Certificate management > ICE Server Certificate > LDAP Certificate
LDAP Certificate
If the LDAP server is using public/well-known CA, no further action is needed.
For connection to LDAP server ___LDAP___SERVER___ which uses self-signed or Enterprise CA, first create a .pem file locally:
openssl s_client -showcerts -connect ___LDAP___SERVER___:636 < /dev/null \
| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | tee ldap.pem
Then apply the ldap.pem file, which contains the LDAP server server.certificate, to the ICE Server:
kubectl -n ice-arcus \
create configmap extra-cacerts \
--from-file=ldap.pem \
-o yaml \
--dry-run=client \
| kubectl -n ice-arcus replace -f -
Telephony Certificate
Please refer to Enable TLS/SRTP section of ICE Telephony Administration Guide on how to generate icegwkey.pem and icegw.pem.
Then, apply the .pem to the ICE Server:
kubectl -n ice-arcus \
create configmap gateway-certs \
--from-file=icegwkey.pem \
--from-file=icegw.pem
If you need to amend the certificate, or if you need to renew the certificate, delete the existing certificate configuration first:
kubectl -n ice-arcus delete configmap gateway-certs