Configuring The Server To Use Separate Ssl Server Certificates - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Configuring the Server's Security Preferences
• The version of SSL that an instance of CS must use during SSL communication. The
latest version is SSL version 3, but many older clients use SSL version 2. Because
client authentication is required for performing privileged operations, you must enable
SSL version 3 ciphers supported by CS. For details, see "Configuring the Server's
Security Preferences," on page 309.
Configuring the Server to Use Separate SSL Server
Certificates
You can configure a CS instance to use separate SSL server certificates for authenticating to
Red Hat Console, the Agent Services interface, and the end entity services interface.
This configuration involves the following steps:
• Step 1. Get the Required SSL Server Certificates
• Step 2: Update the Configuration
Step 1. Get the Required SSL Server Certificates
You must first request and install the required number of SSL server certificates for the
particular CS instance. For instructions, see "Consideration When Getting New Certificates
for the Subsystems" on page 303.
Once you have installed the certificates, you should be able to see them in the list of SSL
server certificates in the Encryption tab of the CS window.
Step 2: Update the Configuration
After you verify that the certificates are installed, configure the server as follows:
Stop the CS instance; see "Starting, Stopping, and Restarting CS Instances" on
1.
page 246.
Go to this directory:
2.
In a text editor, open the
3.
Locate the
4.
❍
310 Red Hat Certificate System Administrator's Guide • September 2005
<server_root>/cert-<instance_id>/config
server.xml
servercertnickname
To change the certificate used for authenticating to the Agent Services interface,
edit the value assigned to the
section.
id="agent"
file.
parameter for the interface of your interest.
servercertnickname
parameter in the