Manuals / Brands / Computer Equipment / Software / HP / Computer Equipment / Software

HP UX Direry Server 6.3 Enabling TLS/SSL, Done, CA Certificates, CA Certificates, Server Certificates, •Accepting connections from clients (Client Authentication)

1 96

Download 96 pages, 2.34 Mb

•Accepting connections from clients (Client Authentication)

The server checks that the client's certificate has been issued by a trusted certificate authority.

•Making connections to other servers (Server Authentication)

This server checks that the directory to which it is making a connection (for replication updates, for example) has a certificate that has been issued by a trusted certificate authority.

7.Click Done.

After installing the CA certificate, it is listed in the CA Certificates tab.

NOTE:

If a CA certificate is incorrectly generated, it is listed in the Server Certificates tab in the Console rather than the CA Certificates tab. The certificate still works as a CA certificate, even though it is listed in the wrong tab.

Still, request certificates from a real certificate authority to minimize the risk of using an incorrectly generated certificate and breaking SSL/TLS in the Administration Server.

6.3 Enabling TLS/SSL

In order to run the Directory Console over TLS/SSL, the Administration Server and Directory Server must also be configured to run in TLS/SSL.

This configures server authentication for the Directory Console and the Directory Server and Administration Server.

1.Obtain server certificates and CA certs, and install them on the Directory Server. This is described in “Installing certificates”.

2.Obtain and install server and CA certificates on the Administration Server. This is a similar process as for the Directory Server.

6.3 Enabling TLS/SSL

71

Contents

HP-UXDirectory Server Version Page Table of Contents Glossary Index 1 Overview of the console Page configuration directory user directory 1.2 Console menus 1.3.1The Servers and Applications tab 1.3.2 The Users and Groups tab 1.4.1 The Directory Server Console 1.4.2 The Administration Server console Page 2 Basic Console tasks 2.2 Opening a directory or Administration Server window 1.Open the Console Servers and Applications 3.In the navigation tree, click a server to select it 4.In the right-handpanel, click Open 2.3.1Changing profile locations 2.3.2Restoring default font settings 2.3.3 Changing console fonts Font Preference 2.3.4 Reordering table columns Page Page 2.3.5 Customizing the main window 2.3.6 Working with custom views 2.3.6.1 Creating custom views Edit View Default View Copy 2.3.6.2 Switching to a custom view 2.3.6.3Setting access permissions for a public view Page Page Page 3 Managing server instances 3.2.1 Creating and editing an admin domain 3.2.2 Removing an admin domain 3.3 Creating a new Directory Server instance Object Create Instance Of 3.4Deleting a Directory Server instance Remove Server Page 4 Managing Directory Server users and groups User Change Directory 4.2.1 Directory and administrative users Create > User Create User Common Name User ID First Name Last Name 4.2.2Groups Group Create > Group Members Static Dynamic Certificate 4.2.3 Organizational units Organizational Unit Alias 4.3.1Editing entries 4.3.2Allowing sync attributes for entries 4.3.3Changing administrator entries 4.3.3.1Changing the configuration administrator and password 4.3.3.2Changing the admin password 4.3.3.3Adding users to the configuration administrators group Configuration Administrators Add 4.3.4Removing an entry from the directory 5 Setting access controls Page 5.2 Setting access permissions on console elements Permissions ACI Manager ACI Name Users/Groups tab Rights Check None Edit Manually Check syntax 6 Using SSL/TLS with the Console •A list of acceptable compression methods •A randomly-generatednumber 2.The server responds to the client: •A randomly-generatednumber of its own 6.2 Installing certificates Obtaining and installing certificates consists of the following steps: 1.Generate a certificate request 2.Send the certificate request to a certificate authority 3.Install the server certificate 6.2.1Generating a certificate request •Organization •Organizational Unit (optional) locality •State/Province •Country/region 6.2.2Installing the certificate Server Certs Install •In this local file •In the following encoded text block 6.2.3 Trusting a certificate authority or adding a certificate chain CA Certs Next Page •Accepting connections from clients (Client Authentication) •Making connections to other servers (Server Authentication) Done CA Certificates 6.3 Enabling TLS/SSL Encryption Enable SSL 6.Check the Use this Cipher Family checkbox Cipher Settings •Do not allow client authentication •Allow client authentication •Require client authentication To verify the authenticity of requests, select the Check hostname against name in certificate for outbound SSL connections 11.Check the Use SSL in the Console box box 12.Click Save User DS Set User Directory Secure Connection Configuration DS 6.4.1 Creating a password file for the Directory Server 6.4.2 Creating a password file for the Administration Server Page 7 Support and other resources 7.1.1 Information to collect before contacting HP 7.1.2How to contact HP technical support 7.1.3HP authorized resellers 7.1.4Documentation feedback 7.2.2 HP-UXdocumentation set 7.2.3Troubleshooting resources Page Glossary bind See bind DN bind DN bind rule branch entry CoS definition entry affects CoS template Contains a list of the shared attribute values file type extension (for example, .GIF or .HTML) filter filtered role role LDAP and across multiple platforms LDAP client Software used to request and view LDAP entries from an LDAP Directory Server See also browser determine which server holds the most recent version multiplexor n + 1 directory problem resulting in increased hardware and personnel costs presence index Allows searches for entries that contain a specific indexed attribute protocol A set of rules that describes how devices on a network exchange information protocol data unit SASL Simple Authentication and Security Layer schema access the directory may be unable to display the proper results superuser privileges to all files on the machine. Also called root supplier servers supplier server Page Index