Chapter 11. Managing SSL
11.6.2. Allowing/Requiring Client Authentication
If Red Hat Console is configured to connect to the Directory Server using TLS/SSL and the Directory
Server requires client authentication, the Red Hat Console cannot be used to manage server
applications. You must use the appropriate command-line utilities instead.
However, to use the Red Hat Console, change the directory configuration so that client authentication
is allowed rather than required:
1. Stop the Directory Server.
service dirsrv stop instance
2. Modify the cn=encryption,cn=config entry by changing the value of the nsSSLClientAuth
attribute from required to allowed.
For information on modifying entries from the command-line, see
Section 2.2.4, "Adding and Modifying Entries Using ldapmodify".
3. Start the Directory Server.
service dirsrv start instance
Now start Red Hat Console.
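The following added example (not part of the manual) audits the nsSSLClientAuth value of the cn=encryption,cn=config entry and rewrites required to allowed in that entry only. It assumes the configuration is available as an LDIF file; the sample entries, including the cn=decoy entry, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manual). Input is an LDIF copy of the server
# configuration; that file and the sample entries below are assumptions.

ENTRY_RE='^dn:[ ]*cn=encryption,[ ]*cn=config[ ]*$'

# Print nsSSLClientAuth for cn=encryption,cn=config, or "unset" if absent.
client_auth_mode() {
  awk -v re="$ENTRY_RE" '
    BEGIN { mode = "unset" }
    /^$/ { in_entry = 0; next }                # a blank line ends an entry
    tolower($0) ~ re { in_entry = 1; next }    # DN match is case-insensitive
    in_entry && tolower($0) ~ /^nssslclientauth:/ {
      sub(/^[^:]*:[ ]*/, ""); sub(/[ ]*$/, ""); mode = tolower($0)
    }
    END { print mode }
  ' "$1"
}

# Emit the LDIF with required -> allowed, changed inside that entry only.
relax_client_auth() {
  awk -v re="$ENTRY_RE" '
    /^$/ { in_entry = 0 }
    tolower($0) ~ re { in_entry = 1 }
    in_entry && tolower($0) ~ /^nssslclientauth:[ ]*required[ ]*$/ {
      print "nsSSLClientAuth: allowed"; next
    }
    { print }
  ' "$1"
}

# Constructed sample: the decoy entry must come through unchanged.
SAMPLE=$(mktemp); FIXED=$(mktemp)
cat > "$SAMPLE" <<'EOF'
dn: cn=encryption,cn=config
cn: encryption
nsSSLClientAuth: required

dn: cn=decoy,cn=config
nsSSLClientAuth: required
EOF

BEFORE=$(client_auth_mode "$SAMPLE")
relax_client_auth "$SAMPLE" > "$FIXED"
AFTER=$(client_auth_mode "$FIXED")
DECOY_KEPT=$(grep -ci '^nsSSLClientAuth: required' "$FIXED")
rm -f "$SAMPLE" "$FIXED"
echo "before=$BEFORE after=$AFTER untouched_entries=$DECOY_KEPT"
```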
11.7. Configuring LDAP Clients to Use SSL
For all the users of the Directory Server to use TLS/SSL or certificate-based authentication when they
connect using LDAP client applications, they must perform the following tasks:
• Create a certificate database.
• Trust the certificate authority (CA) that issues the server certificate.
These operations are sufficient to ensure that LDAP clients recognize the server's certificate.
However, to require the LDAP clients to use their own certificate to authenticate to the directory, make
sure that all the directory users obtain and install a personal certificate.
NOTE
Some client applications do not verify that the server has a trusted certificate.
1. On the client system, obtain a client certificate from the CA.
2. Install the client certificate on the client system.
Regardless of how the certificate is sent (either in email or on a web page), there should be a link
to click to install the certificate.
Record the certificate information that is sent from the CA, especially the subject DN of the
certificate because the server must be configured to map it to an entry in the directory. The client
certificate resembles the following: