A list of acceptable compression methods

A randomly-generated number

2. The server responds to the client:

The chosen TLS/SSL version (this is the highest version in common with both the server and client)

The selected cipher suite (the most secure version the server and client have in common)

The selected compression method (the most secure version the server and client have in common)

A randomly-generated number of its own

3. The server then sends its certificate. The server and client will use the public key in the certificate to decrypt messages once the handshake ends and the secure session is established.

4. The client verifies the identity of the server using the information in the server certificate:

The validity period (the expiration date of the server certificate)

Whether the client possesses a copy of the CA certificate for the authority which issued the server's certificate (whether the certificate was issued by a trusted CA)

Whether the digital signature of the issuing CA on the server certificate is valid

Whether the domain name for the server in the certificate subject name matches the actual domain name of the server

5. Depending on the cipher suite being used, the client sends the server key material to use to generate session keys to encrypt data. This key material can be a public key or a master key secret, which is used to derive the encryption keys.

6. Using the key material sent by the client, the randomly-generated numbers from the client and server, and the selected cipher, the server and client independently derive the same encryption keys.

7. The client sends a notification to the server that all subsequent messages from it will be encrypted. It also sends a hash and a message authentication key, which are wrapped in the client's encryption key.

8. The server successfully decrypts the client's message using its derived encryption keys.

9. The server then sends a hash and a MAC key to the client, wrapped in the server's encryption key.

10. The client successfully decrypts the server's message using its derived encryption keys.

11. The TLS handshake closes, and the secure channel opens between the server and the client.

The Directory Server Console itself can also be configured to use SSL/TLS by enabling SSL for the Directory Server in the Console.

6.2 Installing certificates

Before the Directory Server can be set to run in TLS/SSL, server and CA certificates must be properly installed in the servers.

Obtaining and installing certificates consists of the following steps:

1. Generate a certificate request.

2. Send the certificate request to a certificate authority.

3. Install the server certificate.

4. Set the Directory Server to trust the certificate authority.

The Directory Server Console has two wizards to make it easier to request and install certificates.
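The following script is an added example, not part of the manual: it walks the four steps above with OpenSSL (a constructed local CA stands in for the certificate authority) and then runs the checks a client performs in handshake step 4 against the resulting server certificate. It assumes OpenSSL 1.1.1 or later; the CA name and the host name ldap.example.test are made up.

```shell
#!/bin/sh
# Added example (not from the manual). Builds a constructed CA and server
# certificate, then performs the client-side checks of handshake step 4.
set -e
command -v openssl >/dev/null || { echo "openssl not found" >&2; exit 1; }
WORK=$(mktemp -d)
HOST=ldap.example.test        # constructed server name

# Steps 1-3: generate a request, have the (local, constructed) CA sign it,
# and produce the signed certificate the server would install.
make_certs() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Example Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$HOST" >"$WORK/san.cnf"
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 90 -extfile "$WORK/san.cnf" -out "$WORK/server.pem" 2>/dev/null
  # A second, unrelated CA: a client that trusts only this one must reject the server.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Unrelated CA" \
    -keyout "$WORK/other.key" -out "$WORK/other.pem" 2>/dev/null
}

# Step 4 checks; each function returns 0 when its check passes.
# Validity period: fails once the certificate's notAfter date has passed.
check_validity() { openssl x509 -in "$WORK/server.pem" -noout -checkend 0 >/dev/null; }
# Trusted issuer and issuer signature: the chain is built and signature-checked
# against the CA certificate the client holds ($1).
check_chain() { openssl verify -CAfile "$1" "$WORK/server.pem" >/dev/null 2>&1; }
# Subject name: the name the client connected to ($1) must match the certificate.
check_hostname() {
  openssl verify -CAfile "$WORK/ca.pem" -verify_hostname "$1" "$WORK/server.pem" >/dev/null 2>&1
}

make_certs
check_validity                      && echo "validity period: ok"
check_chain "$WORK/ca.pem"          && echo "trusted CA and signature: ok"
check_chain "$WORK/other.pem"       || echo "untrusted CA: rejected, as expected"
check_hostname "$HOST"              && echo "host name $HOST: ok"
check_hostname "other.example.test" || echo "host name mismatch: rejected, as expected"
```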

62 Using SSL/TLS with the Console

HP UX Directory Server manual, Installing certificates

HP UX Directory Server specifications

HP UX Directory Server is a robust and scalable solution designed for managing directory information within enterprise networks. Developed by Hewlett-Packard (HP), this server offers an extensive set of features tailored to meet the needs of organizations that require an efficient way to store, manage, and retrieve identity and access data.

One of the key features of HP UX Directory Server is its ability to handle large directories with significant volumes of data. Built on a highly optimized architecture, it provides excellent performance and can support millions of entries without sacrificing speed or reliability. This capability makes it an ideal choice for large-scale deployments in enterprises that require high availability and responsiveness.

In addition to its scalability, HP UX Directory Server supports a wide range of protocols, including LDAP (Lightweight Directory Access Protocol), which ensures seamless integration with diverse applications and systems across various platforms. The server maintains standards compliance, which facilitates interoperability and simplifies administration tasks.

Security is a top priority for HP UX Directory Server, offering an array of features to protect sensitive information. It supports secure data transmission via TLS/SSL protocols, ensuring encrypted communication between clients and servers. Advanced access controls allow administrators to define fine-grained permissions, helping to safeguard directory data against unauthorized access.

Another salient feature of HP UX Directory Server is its replication capabilities. The server can replicate directory data across multiple instances, ensuring data consistency and availability in distributed environments. This feature is essential for businesses operating across different geographical locations or requiring failover solutions for disaster recovery.

HP UX Directory Server also comes equipped with tools for data management, including an intuitive administration console for configuring and monitoring the server. Additionally, it offers customizable schema capabilities, enabling organizations to tailor the directory structure to fit their specific needs.

Integration with existing identity management solutions is streamlined through connectors and APIs, allowing organizations to extend their directory services and enhance user experience.

In summary, HP UX Directory Server is a powerful directory management solution that combines scalability, security, and integration flexibility. Its support for industry standards, advanced replication, and comprehensive administrative tools makes it an essential asset for organizations seeking to manage identity and access efficiently. By leveraging this technology, businesses can improve their operational efficiency and ensure a secure and organized approach to directory management.