The hostname can be changed to something other than localhost if the visibility of the internal
database can be limited to a local subnet. For example, if the Certificate System and Directory
Server are installed on separate machines for load balancing, specify the hostname of the
machine on which the Directory Server is installed.
The port number is the TCP/IP port used for non-SSL communications with the Directory Server.
The DN should be the Directory Manager DN. The Certificate System subsystem uses this DN
when it accesses the directory tree to communicate with the directory.
4. Click Save.
The configuration is modified. If the changes require restarting the server, a prompt appears with
that message. In that case, restart the server.
3.12.2. Enabling SSL Client Authentication with the Internal Database
1. Stop the Certificate System instance.
2. Open the subsystem configuration directory.
3. Open the CS.cfg file.
4. Edit the following lines to the indicated values:
internaldb.ldapAuthentication.authtype=SslClientAuth
internaldb.ldapAuthentication.bindDN=CN=Directory Manager
internaldb.ldapAuthentication.bindPWPrompt=Internal LDAP Database
internaldb.ldapconn.host=ldap_hostname
internaldb.ldapconn.port=ldap_httpsport
internaldb.ldapconn.secureConn=true
internaldb.ldapAuthentication.clientCertNickname=Server-Cert cert-instance_name
5. Open the Directory Server Console.
6. Create an entry for the suffix that matches the subject DN of the subsystem certificate
for the Certificate System subsystem that uses this internal database. For example, if the CA
server certificate has the subject name c=jupiter.example.com,ou=marketing,o=example,l=mv,c=us,
then create a suffix o=example,l=mv,c=us.
a. Go to the Configuration tab.
b. Right-click and select Data.
c. Click on New Suffix, and add the suffix.
7. Go to the Directory tab, and right-click DirectoryServer.
8. Add the new certificate entry to the Configuration Administrators group.
9. Click Set Access Control Permission, and then click Add.
10. Fill in ACIName.clientauth.
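A check for the step 4 settings, as an added example that is not part of the manual or of Certificate System: it parses CS.cfg-style key=value text and reports internaldb values that differ from the ones listed in step 4 or that still hold the manual's placeholders. The sample configuration, including the hostname ds.example.com and port 636, is constructed for illustration.

```python
# Added example: verify the internaldb.* values from step 4 in CS.cfg-style text.
EXPECTED = {  # values the procedure sets explicitly to turn on SSL client auth
    "internaldb.ldapAuthentication.authtype": "SslClientAuth",
    "internaldb.ldapconn.secureConn": "true",
}
SITE_SPECIFIC = {  # key -> placeholder text printed in the manual
    "internaldb.ldapconn.host": "ldap_hostname",
    "internaldb.ldapconn.port": "ldap_httpsport",
    "internaldb.ldapAuthentication.clientCertNickname": "instance_name",
}

# Constructed sample: SSL left off and the nickname placeholder never replaced.
SAMPLE = """\
internaldb.ldapAuthentication.authtype=SslClientAuth
internaldb.ldapAuthentication.bindDN=CN=Directory Manager
internaldb.ldapAuthentication.bindPWPrompt=Internal LDAP Database
internaldb.ldapconn.host=ds.example.com
internaldb.ldapconn.port=636
internaldb.ldapconn.secureConn=false
internaldb.ldapAuthentication.clientCertNickname=Server-Cert cert-instance_name
"""

def parse_cs_cfg(text):
    """Parse key=value lines, splitting on the first '=' because DNs contain '='."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg

def check_internaldb(cfg):
    """Return a list of findings; an empty list means the step 4 values are in place."""
    findings = []
    for key, want in EXPECTED.items():
        if cfg.get(key) != want:
            findings.append(f"{key}: expected {want!r}, found {cfg.get(key)!r}")
    for key, placeholder in SITE_SPECIFIC.items():
        value = cfg.get(key, "")
        if not value or placeholder in value:
            findings.append(f"{key}: unset or still the manual's placeholder")
    port = cfg.get("internaldb.ldapconn.port", "")
    if port and "ldap_httpsport" not in port and not (port.isdigit() and 0 < int(port) < 65536):
        findings.append(f"internaldb.ldapconn.port: {port!r} is not a TCP port")
    return findings

if __name__ == "__main__":
    for finding in check_internaldb(parse_cs_cfg(SAMPLE)):
        print(finding)
```

Running it against the real CS.cfg while the instance is stopped (step 1) catches a leftover non-SSL setting before the subsystem tries to bind to the directory.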