Accessing Active Directory from System i using SSL

Hello group,

Based upon Scott Klement's examples, we have a program that runs on the
System i that accesses our Windows Active Directory LDAP server. The
program has been running well for a couple years.

We now want to access AD using SSL (still from the System i). There seems
to be an SSL version of the ldap_init procedure named ldap_ssl_init.
ldap_ssl_init has only one more parameter than the ldap_init - the
certificate name. The IBM documentation states: "If the LDAP server is
configured to perform Server Authentication, a client certificate is not
required (and name can be set to null)." With the name set to null, the
ldap_ssl_init fails.

I believe it may be because I have not defined a CA Trust list. There is
an area in Digital Certificate Manager called Define CA Trust List. I'm
not sure how to set this up. Since the System i is accessing AD, the
System i would be considered the client in this scenario. When I view the
Client applications for which to define the trust list, only IBM Directory
Server publishing, IBM Directory Server client and i5/OS TCP/IP FTP client
are listed. None of these seem to be what I am using. Do I need to Add a
new Application? If so, which one?

Any help would be most appreciated.