between the Remote Supervisor Adapter II and an LDAP server. If you are not familiar with the use of SSL certificates, read the information in “SSL certificate overview.”

Use the following general tasks list to configure the security for the Remote

Supervisor Adapter II:

1.Configure the Secure Web server:

a.Disable the SSL server. Use the SSL Server Configuration for Web Server area on the Security page.

b.Generate or import a certificate. Use the SSL Server Certificate Management area on the Security page. (See “SSL server certificate management” on page 55.)

c.Enable the SSL server. Use the SSL Server Configuration for Web Server area on the Security page. (See “Enabling SSL for the secure Web server” on page 60.)

2.Configure SSL security for LDAP connections:

a.Disable the SSL client. Use the SSL Client Configuration for LDAP Client area on the Security page.

b.Generate or import a certificate. Use the SSL Client Certificate Management area on the Security page. (See “SSL client certificate management” on page 60.)

c.Import one or more trusted certificates. Use the SSL Client Trusted Certificate Management area on the Security page. (See “SSL client trusted certificate management” on page 61.)

d.Enable the SSL client. Use the SSL Client Configuration for LDAP Client area on the Security page. (See “Enabling SSL for the LDAP client” on page 62.)

3.Restart the Remote Supervisor Adapter II for SSL server configuration changes to take effect. For more information, see “Restarting ASM” on page 66.

Note: Changes to the SSL client configuration take effect immediately and do not require a restart of the Remote Supervisor Adapter II.

SSL certificate overview

You can use SSL with either a self-signed certificate or with a certificate that is signed by a third-party certificate authority. Using a self-signed certificate is the simplest method for using SSL, but it does create a small security risk. The risk arises because the SSL client has no way of validating the identity of the SSL server for the first connection that is attempted between the client and server. It is possible that a third party could impersonate the server and intercept data that is flowing between the Remote Supervisor Adapter II and the Web browser. If, at the time of the initial connection between the browser and the Remote Supervisor Adapter II, the self-signed certificate is imported into the certificate store of the browser, all future communications will be secure for that browser (assuming that the initial connection was not compromised by an attack).

For more complete security, you can use a certificate that is signed by a certificate authority. To obtain a signed certificate, use the SSL Certificate Management page to generate a certificate-signing request. You must then send the certificate-signing request to a certificate authority and make arrangements to procure a certificate.

When the certificate is received, it is then imported into the Remote Supervisor Adapter II through the Import a Signed Certificate link, and you can enable SSL.

54 Remote Supervisor Adapter II SlimLine and Remote Supervisor Adapter II: User’s Guide

Page 61 Page 63
Page 62
Image 62
IBM Remote Supervisor Adapter II manual SSL certificate overview
Page 61 Page 63
Top Page Image Contents