HP UX Direry Server 2.8Working with SSL

NOTE:

The Admin Server administrator username and password are stored in the /etc/opt/dirsrv/ admin-serv/admpw file. For example:

admin:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

The password is encrypted and cannot be changed directly in the admpw file. The username can be changed in this file, but cannot be used to log into the Console unless the password is updated in the Console first. For this reason, it is better to edit the Administration Server Administrator username and password only through the Admin Server Console.

To change the Administration Server Administrator's ID or password:

1.Open the Admin Server management window.

2.Click the Configuration tab.

3.Click the Access tab.

4.Change the admin user's name or password. The username is the ID given for logging into the Admin Server.

5.Click Save.

2.8Working with SSL

The Admin Server can run over HTTPS (secure HTTP) if SSL is enabled on the server. There are steps to enabling SSL:

1.Generating and submitting a certificate request.

2.Receiving and installing the certificate.

3.Trusting the certificate authority (CA) which issued the certificate.

4.Changing the Admin Server configuration to allow SSL connections.

18 Admin Server configuration

Contents

HP-UXDirectory Server Version Page Table of Contents Glossary Index 1 Introduction to HP-UXDirectory Server SSL TLS NOTE: 2 Admin Server configuration 2.1 Directory Server file locations 2.2 Starting and stopping the Admin Server 2.2.1Starting and stopping Admin Server from the console 2.2.2 Starting and stopping Admin Server from the command Line 2.3 Opening the Admin Server console Figure 2-1Login box TIP: Open 2.4 Viewing logs 2.4.1Viewing the logs through the console 2.4.2 Viewing logs in the command line 2.4.3 Changing the log name in the console 2.4.4 Changing the log location in the command line 2.5Changing the port number 2.5.1Changing the port number in the console 2.5.2Changing the port number in the command line 2.6Setting host restrictions 2.6.1Setting host restrictions in the console 2.6.2 Setting host restrictions in the command line 2.7Changing the admin user's name and password 2.8Working with SSL 2.8.1 Requesting and installing a server certificate •Server Name IMPORTANT: •Organization •Organizational Unit (Optional) A descriptive name for the organization within the company Request Submission Copy to Clipboard Save to File Install In this local file In the following encoded text block 2.8.2 Installing a CA certificate CA Certs Next •Accepting connections from clients (Client Authentication) •Accepting connections to other servers (Server Authentication) 2.8.3Enabling SSL 4.Select the Enable SSL for this server checkbox 5.Select the Use this cipher family: RSA checkbox Internal (Software-based) Settings 2.8.4 Creating a password file for the Admin Server 2.9 Changing Directory Server settings 2.9.1 Changing the configuration directory host or port 2.9.2Changing the user directory host or port Use Default User Directory Set User Directory LDAP Host and Port Give the User Directory Subtree 3 Admin express 3.1 Managing servers in Admin Express 3.1.1Opening Admin Express 3.1.2 Starting and stopping servers 3.1.3 Viewing server logs 3.1.4 Viewing server information 3.1.5 Monitoring replication from Admin Express supplier consumer nobody grep \^User /etc/opt/dirsrv/admin-serv/console.conf chmod 0400 filename Figure 3-4Viewing replication status Figure 3-5Viewing replication status 3.2 Configuring Admin Express 3.2.1 Admin Express file locations 3.2.2 Admin Express configuration files 3.2.2.1 Files for the Admin Server welcome page Figure 3-6Intro page elements directive The text files themselves have inline formatting for the inserted table rows 3.2.2.2 Files for the replication status appearance 3.2.2.3 Files for the server information page 3.2.2.4 Files for the server logs page 3.2.3 Admin Express directives Table 3-2Admin Express directives (continued) Page 4 Admin Server command-linetools 4.1 sec-activate 4.2 modutil task “Task commands for modutil” option “Options for modutil” Tasks and options Table 4-1Task commands for modutil (continued) Table 4-2Options for modutil Table 4-2Options for modutil (continued) JAR information file JAR (Java Archive) is a platform-independent file format that aggregates many files into one. JAR files are used by •“Enabling a slot” •“Enabling FIPS compliance” •“Adding a cryptographic module” •“Changing the password on a token” Creating database files modutil -fipstrue FIPS mode enabled Adding a cryptographic module Module "Cryptorific Module" added to database Changing the password on a token 5 Support and other resources 5.1 Contacting HP 5.1.1 Information to collect before contacting HP 5.1.2How to contact HP technical support 5.1.3HP authorized resellers 5.2.2 HP-UXdocumentation set 5.2.3Troubleshooting resources 5.3 Typographic conventions Page Glossary bind See bind DN bind DN bind rule branch entry CoS definition entry affects CoS template Contains a list of the shared attribute values file type extension (for example, .GIF or .HTML) filter filtered role role LDAP and across multiple platforms LDAP client Software used to request and view LDAP entries from an LDAP Directory Server See also browser determine which server holds the most recent version multiplexor n + 1 directory problem resulting in increased hardware and personnel costs presence index Allows searches for entries that contain a specific indexed attribute protocol A set of rules that describes how devices on a network exchange information protocol data unit SASL Simple Authentication and Security Layer schema access the directory may be unable to display the proper results superuser privileges to all files on the machine. Also called root servers supplier server called a supplier for that replica Page Index