Managing Active Directory Certificates

If you enable SSL on Active Directory servers, user credentials passed between Active Directory and the Vocera Voice Server are always encrypted. When SSL is enabled, the Active Directory server requires an SSL certificate. How you manage certificates depends on whether you use self-signed certificates or trusted certificate authority (CA) certificates:

Self-signed certificates—Export the root SSL certificate from each Active Directory server and then add it to the Java keystore on each Vocera Voice Server machine.
Trusted CA certificates—The root certificate (such as one from Go Daddy or VeriSign) likely already resides in the Java keystore on the Vocera Voice Server and you don't need to export it. However, if the CA certificate for your Active Directory server is part of a certificate chain, then you must add each intermediate CA certificate in the hierarchy to the Java keystore on each Vocera Voice Server machine.