Softerra LDAP Administrator Help
While an SSL connection is being established or TLS encryption is being started, a client certificate and/or a server certificate may be required for successful negotiation.
With secure connection, an LDAP server has the option of authenticating users by checking the contents of their client certificates. A typical client certificate contains detailed identification information about a user and the organization that issued the certificate and a public key. Client certificate authentication, along with SSL encryption, can be used to implement a highly secure method for verifying the identity of clients.
If a client certificate is required for successful negotiation, the LDAP server sends a list of trusted issuers. LDAP Administrator then checks whether any client certificates are installed that are intended for client authentication and were issued by a certification authority present in the received trusted issuers list.
If at least one client certificate satisfies these requirements, a "Select Client Certificate" dialog is displayed and the user can select the certificate to use for authenticating to the server. If no suitable certificate is installed on the client machine, LDAP Administrator attempts to authenticate anonymously.
Server certificates provide a way for users to confirm the identity of an LDAP server. A server certificate contains detailed identification information, such as the name of the organization affiliated with the server content, the name of the organization that issued the certificate, and a public key used in establishing an encrypted connection. This information helps to assure users of the authenticity of LDAP server content and the integrity of the secure LDAP connection.
If a server certificate is required for successful negotiation, the LDAP server sends its server certificate. LDAP Administrator validates the received certificate; if it is valid, the server certificate is accepted automatically. If validation fails, a "Security Alert" dialog is displayed.
When dealing with a "Security Alert" dialog, the user has the following options:
Accept certificate: The certificate is accepted and the SSL/TLS negotiation goes on successfully.
Cancel SSL/TLS negotiation: The server certificate is rejected and the SSL/TLS negotiation is cancelled.
View certificate: The certificate viewer is displayed and all the certificate information can be examined. If the certificate appears valid, the user can install it in a local certificate store.
A server certificate can be installed in Trusted Root Certification Authorities to avoid "Security Alert" dialogs on further secure connections to the trusted LDAP server. To do so, select View Certificate in the "Security Alert" dialog and press Install Certificate at the bottom of the General page. Then follow the instructions of the Certificate Import Wizard and place the certificate in the following store: Trusted Root Certification Authorities.
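The two decisions described above, client certificate selection with anonymous fallback and server certificate validation against the local trusted roots, can be modelled in a few lines. The following Python is an added example, not code from Softerra or LDAP Administrator: certificates are a small dataclass rather than real X.509 objects, the issuer check is a single hop (no intermediate chain building), and all names such as "Example Corp Root CA" and "ldap.example.com" are constructed for the example.

```python
"""Model of the client- and server-certificate decisions during SSL/TLS negotiation.

Added example (not Softerra code). Certificates are plain dataclasses, the
trusted-root check is a single hop, and all sample names are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

CLIENT_AUTH = "clientAuth"  # id-kp-clientAuth, OID 1.3.6.1.5.5.7.3.2
SERVER_AUTH = "serverAuth"  # id-kp-serverAuth, OID 1.3.6.1.5.5.7.3.1


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    ekus: frozenset = frozenset()        # extended key usages
    dns_names: frozenset = frozenset()   # subjectAltName dNSName entries
    has_private_key: bool = False        # a client cert is only usable with its key


def select_client_certificates(installed, trusted_issuers):
    """Installed certs usable for client authentication whose issuer is one of
    the certification authorities in the server's trusted-issuer list."""
    issuers = set(trusted_issuers)
    return [c for c in installed
            if c.has_private_key and CLIENT_AUTH in c.ekus and c.issuer in issuers]


def client_auth_decision(installed, trusted_issuers):
    """'select' (show the Select Client Certificate dialog) or 'anonymous'."""
    candidates = select_client_certificates(installed, trusted_issuers)
    return ("select", candidates) if candidates else ("anonymous", [])


def _name_matches(pattern, hostname):
    # Exact match, or a single-label wildcard such as *.example.com.
    if pattern.startswith("*."):
        labels = hostname.split(".")
        return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]
    return pattern == hostname


def validate_server_certificate(cert, trusted_roots, hostname, now):
    """Return the list of validation failures; an empty list means the cert is valid."""
    problems = []
    if cert.issuer not in {r.subject for r in trusted_roots}:
        problems.append("issuer not in Trusted Root Certification Authorities")
    if not cert.not_before <= now <= cert.not_after:
        problems.append("certificate is expired or not yet valid")
    if SERVER_AUTH not in cert.ekus:
        problems.append("certificate not intended for server authentication")
    if not any(_name_matches(n, hostname) for n in cert.dns_names):
        problems.append(f"name mismatch: {hostname!r} not covered by {sorted(cert.dns_names)}")
    return problems


def server_cert_outcome(cert, trusted_roots, hostname, now):
    """'accept' (silently) or 'security_alert' (the user must decide)."""
    failures = validate_server_certificate(cert, trusted_roots, hostname, now)
    return "accept" if not failures else "security_alert"


# --- constructed sample data (hypothetical names, not from any real deployment) ---
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
_valid = dict(not_before=datetime(2024, 1, 1, tzinfo=timezone.utc),
              not_after=datetime(2025, 1, 1, tzinfo=timezone.utc))

CORP_ROOT = Cert("CN=Example Corp Root CA", "CN=Example Corp Root CA", **_valid)
OTHER_ROOT = Cert("CN=Other CA", "CN=Other CA", **_valid)
LDAP_SERVER_CERT = Cert("CN=ldap.example.com", "CN=Example Corp Root CA", **_valid,
                        ekus=frozenset({SERVER_AUTH}),
                        dns_names=frozenset({"ldap.example.com"}))
USER_CERT = Cert("CN=alice", "CN=Example Corp Root CA", **_valid,
                 ekus=frozenset({CLIENT_AUTH}), has_private_key=True)
MAIL_CERT = Cert("CN=alice-mail", "CN=Other CA", **_valid,
                 ekus=frozenset({"emailProtection"}), has_private_key=True)


if __name__ == "__main__":
    issuer_list = ["CN=Example Corp Root CA"]  # as sent by the server
    print(client_auth_decision([USER_CERT, MAIL_CERT], issuer_list)[0])   # select
    print(client_auth_decision([MAIL_CERT], issuer_list)[0])              # anonymous
    # Root not yet installed: Security Alert. After installing it: accepted.
    print(server_cert_outcome(LDAP_SERVER_CERT, [OTHER_ROOT], "ldap.example.com", NOW))
    print(server_cert_outcome(LDAP_SERVER_CERT, [OTHER_ROOT, CORP_ROOT], "ldap.example.com", NOW))
```

The last two calls show the effect of the Certificate Import Wizard step: adding the issuing root to the trusted-root list turns the "security_alert" outcome into a silent "accept", while a name mismatch or an expired certificate still produces an alert regardless of which roots are trusted.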