Netscape DIRECTORY SERVER 6.02 - ADMINISTRATOR Administrator's Manual page 388

Configuring LDAP Clients to Use SSL
You must convert the client certificate into binary format using the
6.
utility. To do this:
a.
b.
On the server, map the subject DN of the certificate that you obtained to the
7.
appropriate directory entry by editing the
This procedure is described in Managing Servers with Netscape Console.
NOTE
On the Directory Server, modify the directory entry for the user who owns the
8.
client certificate to add the
a.
b.
388 Netscape Directory Server Administrator's Guide • May 2002
Download the
certutil
http://www.mozilla.org/projects/security/pki/nss/tools/
Run as follows:
certutil
cert7.db_path
certutil -L -d
where cert7.db_path is the location of your certificate database,
user_cert_name is the name you gave to your certificate when you installed
it, and user_cert.bin is the name you must specify for the output file that
will contain the binary certificate.
Do not map your certificate-based-authentication certificate to a
distinguished name under
your certificate to a DN under
bind will fail. Map your certificate to a target located elsewhere in
the directory information tree.
Make sure that the
certmap.conf
Server simply searches for an entry in the directory that matches
the information in the
it grants access without actually checking the value of the
userCertificate
Select the Directory tab, and navigate to the user entry.
Double click the user entry, and use the Property Editory to add the
attribute, with the
userCertificate
When you add this attribute, instead of an editable field, the server
provides a Set Value button.
utility from
user_cert_name
-n
certmap.conf
cn=config
cn=config
parameter is set to
verifyCert
file. If this parameter is not set to
certmap.conf
attribute.
userCertificate
binary
user_cert.bin
-r >
file.
or . If you map
cn=monitor
or , your
cn=monitor
in the
on
, Directory
on
file. If the search is successful,
attribute.
subtype.
certutil
.