• If there is no certificate database, the operation fails. See "Obtaining and
  Installing Server Certificates," on page 420, for information on using
  certificates.
• If the server does not support Start TLS, the connection proceeds in cleartext.
  To enforce the use of Start TLS, use the -ZZZ command option.
• If the certificate database does not have the Certifying Authority (CA)
  certificate, the connection proceeds in cleartext. See "Obtaining and Installing
  Server Certificates," on page 420, for information on using certificates.

With the -ZZZ option, the following errors could occur, causing the Start TLS
operation to fail:

• If there is no certificate database. See "Obtaining and Installing Server
  Certificates," on page 420, for information on using certificates.
• If the certificate database does not have the Certifying Authority (CA)
  certificate. See "Obtaining and Installing Server Certificates," on page 420, for
  information on using certificates.
• The server does not support Start TLS as an extended operation.

For SDK libraries used in client programs, if a session is already in TLS mode and
Start TLS is requested, then the connection continues to be in secure mode but
prints the error "DSA is unwilling to perform".
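
The cleartext fallback described above is easy to miss in scripted jobs. The following check is an added example, not part of the guide: it scans a script for LDAP client commands that request Start TLS without enforcing it. It assumes that -ZZ is the non-enforcing Start TLS option of the same command-line tools (only -ZZZ is named in this section); the tool names, host names and sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag LDAP client commands that request Start TLS
# without enforcing it. Assumption: -ZZ is the non-enforcing option;
# this section itself names only -ZZZ.

# Print how one command line uses Start TLS:
#   enforced       -ZZZ: the operation fails if Start TLS cannot be set up
#   opportunistic  -ZZ only: the connection may proceed in cleartext
#   none           LDAP client command without a Start TLS option
#   skip           not an LDAP client command
classify_starttls() (
    set -f                        # no globbing while word-splitting the line
    tool=0 mode=none
    for word in $1; do            # lint heuristic, not a full shell parser
        case $word in
            '#'*) break ;;        # rest of the line is a comment
            ldapsearch|ldapmodify|ldapdelete|*/ldapsearch|*/ldapmodify|*/ldapdelete)
                tool=1 ;;
            -ZZZ) mode=enforced ;;
            -ZZ)  if [ "$mode" != enforced ]; then mode=opportunistic; fi ;;
        esac
    done
    if [ "$tool" -eq 0 ]; then mode=skip; fi
    printf '%s\n' "$mode"
)

# Read a script on stdin; print "line N: <text>" for each opportunistic use.
audit_starttls() (
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        if [ "$(classify_starttls "$line")" = opportunistic ]; then
            printf 'line %d: %s\n' "$n" "$line"
        fi
    done
)

# Constructed sample input, not taken from the guide.
sample_script() {
    cat <<'EOF'
#!/bin/sh
# nightly export
ldapsearch -h ldap.example.com -p 389 -ZZ -b "dc=example,dc=com" "(uid=*)"
/usr/bin/ldapmodify -h ldap.example.com -p 389 -ZZZ -f changes.ldif
ldapsearch -h ldap.example.com -p 389 -b "dc=example,dc=com" "(cn=*)"
echo "-ZZ is not enforced"
EOF
}

sample_script | audit_starttls    # reports line 3 only
```

Each reported line is a candidate for switching to -ZZZ, so that a missing CA certificate or a server without Start TLS support stops the job instead of sending the data unencrypted.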
Obtaining and Installing Server Certificates
This section describes the process of creating a certificate database, obtaining and
installing a certificate for use with your Directory Server, and configuring
Directory Server to trust the certification authority's (CA) certificate.
This process is a necessary first step before you can turn on SSL in your directory.
If you have already completed these tasks, see "Starting the Server with SSL
Enabled," on page 428.
Obtaining and installing certificates consists of the following steps:
• Step 1: Generate a Certificate Request
• Step 2: Send the Certificate Request to the Certificate Authority
• Step 3: Install the Certificate
• Step 4: Trust the Certificate Authority
Red Hat Directory Server Administrator's Guide • May 2005