Mac OS X Server 10.4, 10.5: Unable to bind to server via "Encrypt using SSL"

Issue or symptom

When binding to a Mac OS X Server version 10.4.x or 10.5.x via the "Encrypt using SSL" option, Directory Utility may return a message that states:

"Unable to add server. [server name or IP address] does not support directory connections encrypted with SSL."

Solution

  1. On the Open Directory Master create a self-signed certificate. Make sure that the certificate's common name matches the fully qualified domain name (FQDN, such as "www.example.com") of the server.
  2. On the client, open Terminal and use the following command to obtain the certificate from the master:

    openssl s_client -connect myServerName:636

  3. Copy the lines starting from "-----BEGIN CERTIFICATE-----" up to and including the "-----END CERTIFICATE-----" line.
  4. Create a plain-text file on the desktop named "mycert".
  5. Paste the information you copied in step 3 into the file.
  6. Execute the following command in Terminal:

    sudo mv ~/Desktop/mycert /etc/openldap/

  7. Edit /etc/openldap/ldap.conf.
  8. Under the line "TLS_REQCERT demand" add "TLS_CACERT /etc/openldap/mycert".
  9. Restart the client.
  10. Open Directory Utility and bind to the LDAP server using SSL.
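The client-side work in steps 2 through 8 as a script, added here as an example and not part of the Apple article. It assumes the output of `openssl s_client` has already been captured (the sample below is constructed, and its certificate body is a placeholder rather than a real certificate) and it edits a copy of ldap.conf in a temporary directory rather than /etc/openldap/ldap.conf itself; the names `SAMPLE_SCLIENT`, `extract_cert`, `add_cacert` and `demo` are chosen for this example. The point of the fix is that `TLS_REQCERT demand` stays in place: the client is given a trust anchor for the self-signed certificate instead of having certificate checking relaxed.

```shell
#!/bin/sh
# Added example, not from the Apple article. Extracts the server certificate
# from saved `openssl s_client` output and adds the TLS_CACERT line that
# step 8 describes to an ldap.conf copy, leaving "TLS_REQCERT demand" intact.

# Constructed stand-in for `openssl s_client -connect myServerName:636` output.
# The base64 body is a placeholder, not a real certificate.
SAMPLE_SCLIENT='CONNECTED(00000003)
depth=0 /CN=od.example.com
verify error:num=18:self signed certificate
---
Certificate chain
 0 s:/CN=od.example.com
   i:/CN=od.example.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBconstructedPlaceholderNotARealCertificateBody
-----END CERTIFICATE-----
subject=/CN=od.example.com
issuer=/CN=od.example.com
---'

# Print only the first PEM block (step 3): from the BEGIN line up to and
# including the END line, dropping the handshake chatter around it.
extract_cert() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { printing = 1 }
        printing { print }
        /-----END CERTIFICATE-----/ { if (printing) exit }
    '
}

# Insert "TLS_CACERT <cert path>" after the "TLS_REQCERT demand" line of the
# config file given as $1 (step 8). Does nothing if a TLS_CACERT line already
# exists, so running it twice does not duplicate the entry.
add_cacert() {
    conf="$1"
    cert="$2"
    if grep -q '^TLS_CACERT' "$conf"; then
        return 0
    fi
    awk -v cert="$cert" '
        { print }
        /^TLS_REQCERT[[:space:]]+demand/ { print "TLS_CACERT " cert }
    ' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Run both steps against a scratch directory and show the results.
demo() {
    work=$(mktemp -d)
    printf '%s\n' "$SAMPLE_SCLIENT" | extract_cert > "$work/mycert"
    printf 'TLS_REQCERT demand\n' > "$work/ldap.conf"
    add_cacert "$work/ldap.conf" /etc/openldap/mycert
    echo "--- mycert ---";    cat "$work/mycert"
    echo "--- ldap.conf ---"; cat "$work/ldap.conf"
    rm -rf "$work"
}

demo
```

Because the certificate is fetched over the network, compare it with the one created on the Open Directory Master in step 1 before trusting it; `openssl x509 -in /etc/openldap/mycert -noout -subject -dates` shows the common name and validity period to check against the server's FQDN. Once the file and the TLS_CACERT line are in place, `openssl s_client -connect myServerName:636 -CAfile /etc/openldap/mycert` should end with `Verify return code: 0 (ok)`, which is the condition `TLS_REQCERT demand` enforces.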

Published Date: Oct 11, 2016