Table of Contents
Advertisement
Configuring LDAP Clients to Use SSL
If you want all the users of your Directory Server to use SSL or certificate-based
authentication when they connect using LDAP client applications, you must make
sure they perform the following tasks:
•
Create a certificate database.
•
Trust the Certificate Authority (CA) that issues the server certificate.
These operations are sufficient if you want to ensure that LDAP clients recognize
the server's certificate. However, if you also want LDAP clients to use their own
certificate to authenticate to the directory, make sure that all your directory users
obtain and install a personal certificate.
NOTE
The following procedure describes how to use Netscape Communicator 4.7 to
perform these tasks.
To create a certificate, it is sufficient to start Netscape Communicator 4.7.
1.
If it does not already exist, the certificate database will be created.
Use Communicator to connect to your Certificate Authority.
2.
If you are using an internally deployed Netscape Certificate Management
System, you will go to a URL of the form:
https://hostname:port
Some Certificate Authorities provide a link that allows you to download the
CA's certificate.
Trust the Certificate Authority.
3.
This task differs depending on the CA. In some cases, such as if you are
connecting to a Netscape Certificate Management System, Communicator will
automatically prompt you to see if you want to trust the CA.
These steps are sufficient to ensure that your client applications will accept
connections to take place with the Directory Server, because the clients recognize
that the Directory Server's certificate has been issued by a trusted CA.
However, if you also want the Directory Server to authenticate clients using the
clients' certificate, you must perform the following additional steps:
Some client applications do not verify that the server has a trusted
certificate.
Configuring LDAP Clients to Use SSL
Chapter 11
Managing SSL
393
Advertisement
Table of Contents
Troubleshooting
