Table of Contents
Advertisement
Configuring LDAP Clients to Use SSL
Allowing/Requiring Client Authentication
If you have configured Netscape Console to connect to your Directory Server using
SSL and your Directory Server requires client authentication, you can no longer use
Netscape Console to manage any of your Netscape servers. You will have to use
the appropriate command-line utilities instead.
However, if at a later date you wish to change your directory configuration to no
longer require but allow client authentication, so that you can use Netscape Console,
you must follow these steps:
Stop Directory Server.
1.
For information on stopping and starting the server from the command line,
see "Starting/Stopping the Server From the Command Line," on page 32.
Modify the
2.
nsSSLClientAuth attribute from
For information on modifying entries from the command line, see Chapter 2,
"Creating Directory Entries."
Start Directory Server.
3.
You can now start Netscape Console.
Configuring LDAP Clients to Use SSL
If you want all the users of your Directory Server to use SSL or certificate-based
authentication when they connect using LDAP client applications, you must make
sure they perform the following tasks:
•
Create a certificate database.
•
Trust the Certificate Authority (CA) that issues the server certificate.
These operations are sufficient if you want to ensure that LDAP clients recognize
the server's certificate. However, if you also want LDAP clients to use their own
certificate to authenticate to the directory, make sure that all your directory users
obtain and install a personal certificate.
NOTE
384
Netscape Directory Server Administrator's Guide • January 2002
cn=encryption,cn=config
Some client applications do not verify that the server has a trusted
certificate.
entry by changing the value of the
to
required
allowed
.
Advertisement
Table of Contents
