There isn't a product to choose for eDirectory, so I chose Identity Manager.

With IGA 3.8 Java security, if the CN subject name value does not match the DNS name of the server, the Java validation will fail.

Previously DNS was not required for eDirectory. Due to security concerns, Java has rolled this out to check that everything resolves. Great idea, but eDirectory didn't have this in mind when generating default certs.

As IGA and other systems will start enforcing this, and existing environments already using LDAP certs would have to change, it would be great to have a workaround on the eDir side to build in the DNS as the CN value or, if possible, the alternate subject name, assuming that would work.

If there were an automated way to fix existing systems, that would be ideal. But it would be great if, at least with new systems, they conformed to a standard where the default certs could still be used, as they would have the DNS name.

See the link below as a reference from Steve Williams.
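
The name check discussed in this post can be reproduced when auditing existing LDAP certificates. The following is an added example, not part of the original post and not NetIQ or Java code. It assumes the usual endpoint-identification order (SAN dNSName entries first, subject CN only when no dNSName is present), uses simplified wildcard handling, and takes certificates in the dict format returned by Python's `ssl.SSLSocket.getpeercert()`; all sample certificates and host names are constructed.

```python
# Added example: predict whether a certificate would pass a DNS-name check
# for the host name a client connects to. Sample data below is constructed.

def _name_match(pattern, host):
    """Compare one certificate name to the host; '*' only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check_cert_name(cert, dns_name):
    """Return (ok, reason). SAN dNSName entries take precedence over the subject CN."""
    san_dns = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san_dns:
        if any(_name_match(n, dns_name) for n in san_dns):
            return True, "SAN dNSName matches"
        return False, "SAN dNSName present but none match: %s" % san_dns
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if any(_name_match(cn, dns_name) for cn in cns):
        return True, "no SAN dNSName; subject CN matches"
    return False, "no SAN dNSName and CN does not match: %s" % cns

# Constructed certificates (not taken from any real tree).
CN_NOT_DNS = {"subject": ((("organizationName", "EXAMPLE-TREE"),),
                          (("commonName", "server1"),))}
CN_IS_DNS = {"subject": ((("commonName", "ldap1.example.com"),),)}
SAN_HAS_DNS = {"subject": ((("commonName", "server1"),),),
               "subjectAltName": (("DNS", "ldap1.example.com"),
                                  ("IP Address", "192.0.2.10"))}
SAN_WRONG_DNS = {"subject": ((("commonName", "ldap1.example.com"),),),
                 "subjectAltName": (("DNS", "other.example.com"),)}

def audit(certs, dns_name):
    """Return {label: (ok, reason)} for each certificate checked against dns_name."""
    return {label: check_cert_name(c, dns_name) for label, c in certs.items()}

if __name__ == "__main__":
    samples = {"cn-not-dns": CN_NOT_DNS, "cn-is-dns": CN_IS_DNS,
               "san-has-dns": SAN_HAS_DNS, "san-wrong-dns": SAN_WRONG_DNS}
    for label, (ok, reason) in audit(samples, "ldap1.example.com").items():
        print("%-14s %-4s %s" % (label, "OK" if ok else "FAIL", reason))
```

The last sample shows why adding a SAN is not automatically a fix: once any dNSName entry exists, a matching CN is no longer consulted.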