Setting Up Certificate-Based Authentication - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual

Using Certificate-Based Authentication
NOTE

Setting up Certificate-Based Authentication

To set up certificate-based authentication, you must:
Create a certificate database for the client and the server or for both servers
1.
involved in replication.
In the Directory Server, the certificate database creation automatically takes
place when you install a certificate. For information on creating a certificate
database for a client, see "Configuring LDAP Clients to Use SSL," on
page 437.
Obtain and install a certificate on both the client and the server or on both
2.
servers involved in replication.
Enable SSL on the server or on both servers involved in replication.
3.
For information on enabling SSL, refer to "Starting the Server with SSL
Enabled," on page 428.
NOTE
436 Red Hat Directory Server Administrator's Guide • May 2005
When specifying the key and certificate database filenames, you
may use absolute or relative paths. If using relative paths, ensure
that they are relative to the server root (for example,
alias/slapd-phonebook-cert8.db
alias/slapd-phonebook-key3.db
The name of the certificate database has been changed from
to
cert7.db cert8.db
to
cert7.db cert8.db
file may not show the new database name. For example,
dse.ldif
you may still see this entry:
nsCertfile: alias/slapd-testDir-cert7.db
If you want the database filename change reflected in the
file, manually edit the filename in the
If Red Hat Console connects to Directory Server over SSL, selecting
"Require client authentication" disables communication. This is
because, although Red Hat Console supports SSL, it does not have a
certificate to use for client authentication.
and
).
. Directory Server automatically converts the
and uses the new file. However, the
dse.ldif
dse.ldif
file.