Setting Up Certificate-Based Authentication - Red Hat DIRECTORY SERVER 8.0 - ADMINISTRATION Administration Manual


certificate databases only for the Directory Server instance called instance_name. That directory
will not contain key and certificate databases for any other server or client, nor will any of the key,
certificate, or other security-related files for instance_name be located in any other directory.
NOTE
The Directory Server 8.0 no longer uses separate files for the key and certificate
databases. With the Filesystem Hierarchy Standard, the certificate and key files have
been consolidated into a single file, specified in the nsslapd-certdir parameter, and
the key and certificate file is stored in the /etc/dirsrv/slapd-instance_name
directory.
Previous versions of Directory Server used a single directory,
/opt/redhat-ds/slapd-instance/alias, for all security-related files for all servers, and required a unique
prefix, such as slapd-instance-, for the key, certificate, and security-related files. The
Directory Server used the attributes nsCertFile and nsKeyFile to give the locations
for the key and certificate databases.

11.6.1. Setting up Certificate-Based Authentication

To set up certificate-based authentication, do the following:
1. Create a certificate database for the client and the server or for both servers involved in
replication.
In the Directory Server, the certificate database creation automatically takes place when
a certificate is installed. For information on creating a certificate database for a client, see
Section 11.7, "Configuring LDAP Clients to Use SSL".
2. Obtain and install a certificate on both the client and the server or on both servers involved in
replication.
3. Enable TLS/SSL on the server or on both servers involved in replication.
For information on enabling TLS/SSL, refer to Section 11.4, "Starting the Server with TLS/SSL
Enabled".
NOTE
If the Red Hat Console connects to Directory Server over TLS/SSL, selecting
Require client authentication disables communication. This is because, although
Red Hat Console supports TLS/SSL, it does not have a certificate to use for client
authentication.
4. Map the certificate's distinguished name to a distinguished name known by the directory.
This can set access control for the client when it binds using this certificate.
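The mapping in step 4 can be previewed offline before client authentication is required. The following is an added example, not code from this manual or from Directory Server: a simplified model of reducing a certificate subject DN to a search base and filter and resolving it to exactly one entry. The directive names follow the DNComps and FilterComps settings of certmap.conf; the function names, matching logic, and sample entries are assumptions.

```python
# Simplified model of mapping a client certificate's subject DN to a directory
# entry. The directive names mirror certmap.conf's DNComps / FilterComps; the
# matching logic and all sample data are assumptions made for illustration.

TAG_TO_LDAP = {"e": "mail"}  # certificate tag -> LDAP attribute name

def parse_dn(dn):
    """Split a simple DN (no escaped commas) into lower-cased (attr, value) pairs."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def escape_filter(value):
    """RFC 4515 escaping so a subject value cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def plan_search(subject_dn, dn_comps, filter_comps):
    """Return (base_dn, {ldap_attr: value}) derived from the subject DN."""
    pairs = parse_dn(subject_dn)
    base = ",".join(f"{a}={v}" for a, v in pairs if a in dn_comps)
    wanted = {TAG_TO_LDAP.get(a, a): v for a, v in pairs if a in filter_comps}
    return base, wanted

def ldap_filter(wanted):
    """Render the wanted attributes as an LDAP search filter string."""
    terms = "".join(f"({k}={escape_filter(v)})" for k, v in wanted.items())
    return f"(&{terms})" if terms else "(objectclass=*)"

def map_certificate(subject_dn, dn_comps, filter_comps, entries):
    """Return the single matching entry DN, or None if zero or several match."""
    base, wanted = plan_search(subject_dn, dn_comps, filter_comps)
    suffix = ("," + base).lower()
    hits = [dn for dn, attrs in entries.items()
            if (not base or dn.lower() == base.lower() or dn.lower().endswith(suffix))
            and all(attrs.get(k, "").lower() == v.lower() for k, v in wanted.items())]
    return hits[0] if len(hits) == 1 else None

# Constructed sample directory and certificate subject.
ENTRIES = {
    "uid=jdoe,ou=People,o=Example,c=US": {"uid": "jdoe", "mail": "jdoe@example.com"},
    "uid=jdoe2,ou=People,o=Example,c=US": {"uid": "jdoe2", "mail": "jdoe@example.com"},
}
SUBJECT = "CN=John Doe,UID=jdoe,E=jdoe@example.com,OU=People,O=Example,C=US"

if __name__ == "__main__":
    print(map_certificate(SUBJECT, {"o", "c"}, {"e", "uid"}, ENTRIES))  # unique
    print(map_certificate(SUBJECT, {"o", "c"}, {"e"}, ENTRIES))         # ambiguous
```

A mapping that resolves to more than one entry returns nothing here, so the access control described in step 4 is never applied to an ambiguous identity.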
