Netscape DIRECTORY SERVER 6.01 - ADMINISTRATOR Administrator's Manual page 386

Configuring LDAP Clients to Use SSL
MQswCQYDVQQGEwJVUzEoMCYGA1UEChMfTmV0c2NhcGUgRGlyZWN0b3J5IFB1Ymxp
Y2F0aW9uczEWMBQGA1UEAxMNZHVgh49dq2itLmNvbTBaMA0GCSqGSIb3DQEBAQUA
A0kAMEYCQQCksMR/aLGdfp4m0OiGcgijG5KgOsyRNvwGYW7kfW+8m
-----END CERTIFICATE-----
You must convert the client certificate into binary format using the
6.
utility. To do this:
a.
b.
On the server, map the subject DN of the certificate that you obtained to the
7.
appropriate directory entry by editing the
This procedure is described in Managing Servers with Netscape Console. Make
sure that the
NOTE
On the Directory Server, you must modify the directory entry for the user who
8.
owns the client certificate to add the
a.
b.
386 Netscape Directory Server Administrator's Guide • January 2002
Download the
certutil
http://www.mozilla.org/projects/security/pki/nss/tools/.
Run as follows:
certutil
cert7.db_path
certutil -L -d
where cert7.db_path is the location of your certificate database,
user_cert_name is the name you gave to your certificate when you installed
it, and user_cert.bin is the name you must specify for the output file that
will contain the binary certificate.
verifyCert
Note that if this parameter is not set to
searches for an entry in the directory that matches the information
in the
certmap.conf
without actually checking the value of the
attribute.
Select the Directory tab, and navigate to the user entry.
Double click the user entry, and use the Property Editory to add the
attribute, with the
userCertificate
When you add this attribute, instead of an editable field, the server
provides a Set Value button.
utility from
user_cert_name
-n
certmap.conf
parameter is set to
on
file. If the search is successful, it grants access
userCertificate
binary
certutil
user_cert.bin
-r >
file.
in the
certmap.conf
, Directory Server simply
on
userCertificate
attribute.
subtype.
file.