Manuals / Brands / Computer Equipment / Software / HP / Computer Equipment / Software

HP UX Direry Server box, Encryption, Enable SSL, 12.Click Save, Configuration, “Generating a certificate request”, 11.Check the Use SSL in the Console box

1 96

Download 96 pages, 2.34 Mb

NOTE:

To use client certificate-based authentication with replication, configure the consumer server either to allow or to require client authentication.

10.To verify the authenticity of requests, select the Check hostname against name in certificate for outbound SSL connections option. The server does this verification by matching the host name against the value assigned to the common name (cn) attribute of the subject name in the being presented for authentication. The host name that is checked in the certificate is the same one set in the server name field in the request in “Generating a certificate request”.

By default, this feature is disabled. If it is enabled and if the host name does not match the cn attribute of the certificate, appropriate error and audit messages are logged. HP recommends enabling this option to protect Directory Server's outbound TLS/SSL connections against a man-in-the-middle (MITM) attack.

11.Check the Use SSL in the Console box.

NOTE:

This is the only option which sets whether the Directory Console will run over SSL.

12.Click Save.

13.In the Administration Server Console, select the Configuration tab. Select the Encryption tab, check the Enable SSL checkbox, and fill in the appropriate certificate information.

After TLS/SSL is enabled, the Administration Server can only be connected to using HTTPS. All the previous HTTP (standard) URLs for connecting to the Administration Server and its services no longer work. This is true whether connecting to the Administration Server using the Console or using a web browser.

74 Using SSL/TLS with the Console

Contents

HP-UXDirectory Server Version Page Table of Contents Glossary Index 1 Overview of the console Page configuration directory user directory 1.2 Console menus 1.3.1The Servers and Applications tab 1.3.2 The Users and Groups tab 1.4.1 The Directory Server Console 1.4.2 The Administration Server console Page 2 Basic Console tasks 2.2 Opening a directory or Administration Server window 1.Open the Console Servers and Applications 3.In the navigation tree, click a server to select it 4.In the right-handpanel, click Open 2.3.1Changing profile locations 2.3.2Restoring default font settings 2.3.3 Changing console fonts Font Preference 2.3.4 Reordering table columns Page Page 2.3.5 Customizing the main window 2.3.6 Working with custom views 2.3.6.1 Creating custom views Edit View Default View Copy 2.3.6.2 Switching to a custom view 2.3.6.3Setting access permissions for a public view Page Page Page 3 Managing server instances 3.2.1 Creating and editing an admin domain 3.2.2 Removing an admin domain 3.3 Creating a new Directory Server instance Object Create Instance Of 3.4Deleting a Directory Server instance Remove Server Page 4 Managing Directory Server users and groups User Change Directory 4.2.1 Directory and administrative users Create > User Create User Common Name User ID First Name Last Name 4.2.2Groups Group Create > Group Members Static Dynamic Certificate 4.2.3 Organizational units Organizational Unit Alias 4.3.1Editing entries 4.3.2Allowing sync attributes for entries 4.3.3Changing administrator entries 4.3.3.1Changing the configuration administrator and password 4.3.3.2Changing the admin password 4.3.3.3Adding users to the configuration administrators group Configuration Administrators Add 4.3.4Removing an entry from the directory 5 Setting access controls Page 5.2 Setting access permissions on console elements Permissions ACI Manager ACI Name Users/Groups tab Rights Check None Edit Manually Check syntax 6 Using SSL/TLS with the Console •A list of acceptable compression methods •A randomly-generatednumber 2.The server responds to the client: •A randomly-generatednumber of its own 6.2 Installing certificates Obtaining and installing certificates consists of the following steps: 1.Generate a certificate request 2.Send the certificate request to a certificate authority 3.Install the server certificate 6.2.1Generating a certificate request •Organization •Organizational Unit (optional) locality •State/Province •Country/region 6.2.2Installing the certificate Server Certs Install •In this local file •In the following encoded text block 6.2.3 Trusting a certificate authority or adding a certificate chain CA Certs Next Page •Accepting connections from clients (Client Authentication) •Making connections to other servers (Server Authentication) Done CA Certificates 6.3 Enabling TLS/SSL Encryption Enable SSL 6.Check the Use this Cipher Family checkbox Cipher Settings •Do not allow client authentication •Allow client authentication •Require client authentication To verify the authenticity of requests, select the Check hostname against name in certificate for outbound SSL connections 11.Check the Use SSL in the Console box box 12.Click Save User DS Set User Directory Secure Connection Configuration DS 6.4.1 Creating a password file for the Directory Server 6.4.2 Creating a password file for the Administration Server Page 7 Support and other resources 7.1.1 Information to collect before contacting HP 7.1.2How to contact HP technical support 7.1.3HP authorized resellers 7.1.4Documentation feedback 7.2.2 HP-UXdocumentation set 7.2.3Troubleshooting resources Page Glossary bind See bind DN bind DN bind rule branch entry CoS definition entry affects CoS template Contains a list of the shared attribute values file type extension (for example, .GIF or .HTML) filter filtered role role LDAP and across multiple platforms LDAP client Software used to request and view LDAP entries from an LDAP Directory Server See also browser determine which server holds the most recent version multiplexor n + 1 directory problem resulting in increased hardware and personnel costs presence index Allows searches for entries that contain a specific indexed attribute protocol A set of rules that describes how devices on a network exchange information protocol data unit SASL Simple Authentication and Security Layer schema access the directory may be unable to display the proper results superuser privileges to all files on the machine. Also called root supplier servers supplier server Page Index