Manage client-side LDAPS - Amazon Directory Service

Manage client-side LDAPS

Use the following procedures to manage your client-side LDAPS configuration.

You can manage client-side LDAPS settings with either the Amazon Web Services Management Console or the Amazon CLI.

View certificate details

Use either of the following methods to see when a certificate is set to expire.

Method 1: To view certificate details in Amazon Directory Service (Amazon Web Services Management Console)
  1. In the Amazon Directory Service console navigation pane, select Directories.

  2. Choose the directory ID link for your directory.

  3. On the Directory details page, choose the Networking & security tab.

  4. In the Client-side LDAPS section, under CA certificates, review the information displayed about the certificate.

Method 2: To view certificate details in Amazon Directory Service (Amazon CLI)
  • Run the following command. For the certificate ID, use the identifier returned by register-certificate or list-certificates.

    aws ds describe-certificate --directory-id your_directory_id --certificate-id your_cert_id

Deregister a certificate

Use either of the following methods to deregister a certificate.

Note

If only one certificate is registered, you must first disable LDAPS before you can deregister the certificate.

Method 1: To deregister a certificate in Amazon Directory Service (Amazon Web Services Management Console)
  1. In the Amazon Directory Service console navigation pane, select Directories.

  2. Choose the directory ID link for your directory.

  3. On the Directory details page, choose the Networking & security tab.

  4. In the Client-side LDAPS section, choose Actions, and then choose Deregister certificate.

  5. In the Deregister a CA certificate dialog box, choose Deregister.

Method 2: To deregister a certificate in Amazon Directory Service (Amazon CLI)
  • Run the following command. For the certificate ID, use the identifier returned by register-certificate or list-certificates.

    aws ds deregister-certificate --directory-id your_directory_id --certificate-id your_cert_id

Disable client-side LDAPS

Use either of the following methods to disable client-side LDAPS.

Method 1: To disable client-side LDAPS in Amazon Directory Service (Amazon Web Services Management Console)
  1. In the Amazon Directory Service console navigation pane, select Directories.

  2. Choose the directory ID link for your directory.

  3. On the Directory details page, choose the Networking & security tab.

  4. In the Client-side LDAPS section, choose Disable.

  5. In the Disable client-side LDAPS dialog box, choose Disable.

Method 2: To disable client-side LDAPS in Amazon Directory Service (Amazon CLI)
  • Run the following command.

    aws ds disable-ldaps --directory-id your_directory_id --type Client
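
The Note under "Deregister a certificate" and the disable command above combine into one ordering rule: when the certificate is the last one registered, LDAPS is disabled first. The following is an added example, not part of the original Amazon documentation, of a dry-run planner that prints the commands in the required order without changing the directory. The function names are hypothetical, and the use of `describe-ldaps-settings`, the `--query` filters, and the choice to count only certificates of type `ClientLDAPS` in the `Registered` state are assumptions of this example.

```shell
#!/bin/sh
# Added example: dry-run planner for removing a client-side LDAPS CA certificate.
# It prints the commands to run, in order; it never modifies the directory.

# Number of client-side LDAPS certificates currently in the Registered state.
# Assumption: only Type ClientLDAPS / State Registered count toward the rule.
registered_count() {
  aws ds list-certificates --directory-id "$1" --output text \
    --query "length(CertificatesInfo[?State=='Registered' && Type=='ClientLDAPS'])"
}

# Client-side LDAPS status (Enabling, Enabled, EnableFailed, Disabled),
# or "None" when the directory has no client-side LDAPS settings.
ldaps_status() {
  aws ds describe-ldaps-settings --directory-id "$1" --type Client \
    --output text --query "LDAPSSettingsInfo[0].LDAPSStatus"
}

# plan_deregister DIRECTORY_ID CERTIFICATE_ID
plan_deregister() {
  dir=$1 cert=$2
  state=$(aws ds describe-certificate --directory-id "$dir" \
    --certificate-id "$cert" --output text --query "Certificate.State") || {
    echo "certificate $cert not found in $dir" >&2; return 1; }
  if [ "$state" != "Registered" ]; then
    echo "certificate $cert is in state $state, not Registered" >&2; return 1
  fi
  count=$(registered_count "$dir") || return 1
  status=$(ldaps_status "$dir") || return 1
  case "$status" in
    Enabling) echo "client-side LDAPS is still enabling; retry later" >&2
              return 1 ;;
  esac
  # Last registered certificate: LDAPS must be disabled before deregistering.
  if [ "$count" -le 1 ] && [ "$status" = "Enabled" ]; then
    echo "aws ds disable-ldaps --directory-id $dir --type Client"
  fi
  echo "aws ds deregister-certificate --directory-id $dir --certificate-id $cert"
}
```

Review the printed plan before running it, for example `plan_deregister your_directory_id your_cert_id`.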