9. Set your preferences for client authentication.

   - Do not allow client authentication. With this option, the server will ignore the client's certificate. This does not mean that the bind will fail.
   - Allow client authentication. This is the default setting. With this option, authentication is performed on the client's request. For more information about certificate-based authentication, see "Using Certificate-Based Authentication" on page 407.
   - Require client authentication. With this option, the server requests authentication from the client.

   NOTE: If you are using certificate-based authentication with replication, then you must configure the consumer server to either allow or require client authentication.
10. If you want Netscape Console to use SSL during communications with Directory Server, select the "Use SSL in Netscape Console" option.
11. If you configured Directory Server for certificate-based client authentication, you can further configure the server to verify the authenticity of requests by selecting the "Check hostname against name in certificate for outbound SSL connections" option. The server does this verification by matching the hostname against the value assigned to the Common Name (CN) attribute of the subject name in the certificate being presented for authentication.

By default, this feature is disabled. If it is enabled and the hostname does not match the CN attribute of the certificate, appropriate error and audit messages are logged. For example, in a replicated environment, messages similar to these are logged in the supplier server's log files if it finds that the peer server's hostname doesn't match the name specified in its certificate:

    [DATE] - SSL alert: ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81
    (Netscape runtime error -12276 - Unable to communicate securely
    with peer: requested domain name does not match the server's
    certificate.)
    [DATE] NSMMReplicationPlugin - agmt="cn=to ultra60 client auth"
    (ultra60:1924): Replication bind with SSL client authentication
    failed: LDAP error 81 (Can't contact LDAP server)

It is recommended that you enable this option to protect Directory Server's outbound SSL connections against a Man-in-the-Middle (MITM) attack.
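The Python sketch below is an added example, not part of the original manual or the product. It scans supplier error-log lines for the two messages shown above and reports which replication agreements failed to bind because of a hostname/CN mismatch. The function name, the three-line adjacency window, the assumption that each log entry sits on a single line, and the third sample entry are constructed for illustration.

```python
import re

# Netscape runtime error code the page shows for a hostname/CN mismatch.
MISMATCH_CODE = "-12276"
ALERT_RE = re.compile(r"SSL alert: .*Netscape runtime error (-\d+)")
BIND_FAIL_RE = re.compile(
    r'NSMMReplicationPlugin - agmt="(?P<agmt>[^"]+)" '
    r"\((?P<host>[^:()]+):(?P<port>\d+)\): "
    r"Replication bind with SSL client authentication failed: "
    r"LDAP error (?P<err>\d+)"
)

def find_bind_failures(lines, window=3):
    """List replication bind failures; flag those that follow a -12276 alert
    within `window` lines (adjacency is an assumption of this example)."""
    findings, last_mismatch = [], None
    for i, line in enumerate(lines):
        alert = ALERT_RE.search(line)
        if alert:
            if alert.group(1) == MISMATCH_CODE:
                last_mismatch = i
            continue
        fail = BIND_FAIL_RE.search(line)
        if fail:
            caused = last_mismatch is not None and i - last_mismatch <= window
            findings.append({
                "agreement": fail["agmt"], "peer": fail["host"],
                "port": int(fail["port"]), "ldap_error": int(fail["err"]),
                "hostname_mismatch": caused,
            })
            last_mismatch = None  # one alert explains one bind failure
    return findings

# Constructed sample: the page's two messages unwrapped onto single lines,
# plus one invented bind failure that has no preceding alert.
SAMPLE_LOG = [
    '[DATE] - SSL alert: ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81 (Netscape '
    "runtime error -12276 - Unable to communicate securely with peer: "
    "requested domain name does not match the server's certificate.)",
    '[DATE] NSMMReplicationPlugin - agmt="cn=to ultra60 client auth" '
    "(ultra60:1924): Replication bind with SSL client authentication "
    "failed: LDAP error 81 (Can't contact LDAP server)",
    '[DATE] NSMMReplicationPlugin - agmt="cn=to example consumer" '
    "(consumer.example.com:636): Replication bind with SSL client "
    "authentication failed: LDAP error 81 (Can't contact LDAP server)",
]

if __name__ == "__main__":
    print(*find_bind_failures(SAMPLE_LOG), sep="\n")
```

A bind failure flagged with hostname_mismatch set to True points at the peer's certificate subject or at the hostname used in the agreement; an unflagged LDAP error 81 has some other cause, such as the peer being unreachable.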
Chapter 11, Managing SSL: Activating SSL (page 405)