Red Hat DIRECTORY SERVER 8.1 - USING CONSOLE 4-28-2008 Using Instruction page 78

Chapter 6. Using SSL/TLS with Red Hat Console
NOTE
To use client certificate-based authentication with replication, configure the consumer
server either to allow or to require client authentication.
10. To verify the authenticity of requests, select the Check hostname against name in certificate for
outbound SSL connections option. The server does this verification by matching the hostname
against the value assigned to the common name (cn) attribute of the subject name in the being
presented for authentication. The hostname that is checked in the certificate is the same one set in
the server name field in the request in
By default, this feature is disabled. If it's enabled and if the hostname does not match the cn
attribute of the certificate, appropriate error and audit messages are logged. Red Hat recommends
enabling this option to protect Directory Server's outbound TLS/SSL connections against a man-
in-the-middle (MITM) attack.
11. Check the Use SSL in the Console box.
NOTE
This is the only option which sets whether the Red Hat Console will run over SSL.
12. Hit Save.
13. In the Administration Server Console, select the Configuration tab. Select the Encryption tab,
check the Enable SSL checkbox, and fill in the appropriate certificate information.
After TLS/SSL is enabled, then the Administration Server can only be connected to using HTTPS.
All of the previous HTTP (standard) URLs for connecting to the Administration Server and its
70
Section 6.2.1, "Generating a Certificate Request".