39.4. Migrating over SSL

To encrypt the data transmission between LDAP and IdM during a migration:
  1. Store the certificate of the CA that issued the remote LDAP server's certificate in a file on the IdM server, for example /etc/ipa/remote.crt.
  2. Follow the steps described in Section 39.3, “Migrating an LDAP Server to Identity Management”. However, for an encrypted LDAP connection during the migration, use the ldaps protocol in the URL and pass the --ca-cert-file option to the command. For example:
    [root@ipaserver ~]# ipa migrate-ds --ca-cert-file=/etc/ipa/remote.crt ldaps://ldap.example.com:636
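
Before starting the migration, it is worth confirming that the stored CA file is a valid certificate and that the remote server's chain actually verifies against it. The following pre-flight check is an added example, not part of the original procedure or of IdM itself; the function names are hypothetical, and the path, host and port in the usage comment are the example values from this section.

```bash
#!/bin/bash
# Added example: pre-flight checks to run before `ipa migrate-ds --ca-cert-file=...`.
# Function names are hypothetical; only standard openssl subcommands are used.

# check_ca_file FILE
# Returns 0 if FILE is a readable PEM X.509 certificate that has not expired.
check_ca_file() {
    local ca_file="$1"
    if [ ! -r "$ca_file" ]; then
        echo "cannot read $ca_file" >&2; return 1
    fi
    if ! openssl x509 -in "$ca_file" -noout 2>/dev/null; then
        echo "$ca_file is not a PEM-encoded certificate" >&2; return 2
    fi
    if ! openssl x509 -in "$ca_file" -noout -checkend 0 >/dev/null 2>&1; then
        echo "$ca_file has expired" >&2; return 3
    fi
    # Show what is about to be trusted so it can be compared with the
    # values obtained from the LDAP server's administrator.
    openssl x509 -in "$ca_file" -noout -subject -enddate -fingerprint -sha256
}

# check_ldaps_chain FILE HOST [PORT]
# Returns 0 only if the server completes a TLS handshake and its
# certificate chain verifies against FILE.
check_ldaps_chain() {
    local ca_file="$1"
    local host="$2"
    local port="${3:-636}"
    openssl s_client -connect "${host}:${port}" -servername "$host" \
        -CAfile "$ca_file" -verify_return_error </dev/null >/dev/null 2>&1
}

# Usage with this section's example values:
#   check_ca_file /etc/ipa/remote.crt &&
#   check_ldaps_chain /etc/ipa/remote.crt ldap.example.com 636 &&
#   ipa migrate-ds --ca-cert-file=/etc/ipa/remote.crt ldaps://ldap.example.com:636
```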