To Require Client Authentication; Mapping Client Certificates To Ldap - Netscape ENTREPRISE SERVER 6.1 - 04-2002 ADMINISTRATOR Administrator's Manual

To Require Client Authentication

To require client authentication, perform the following steps:
Access either the Administration Server or the Server Manager and choose the
1.
Preferences tab.
For the Server Manager you must first select the server instance from the
drop-down list.
Click the Edit Listen Sockets link.
2.
The Listen Socket Table page appears.
Use the drop-down Action list to select Edit, if not already displayed, for the
3.
connection group you are requiring client authentication for.
Use the drop-down list to turn Security on for that connection group, if it is off.
4.
Click the Attributes link.
5.
The Security Settings of Listen Socket page appears.
Toggle on client authentication by clicking On.
6.
Click OK.
7.
For the Server Manager, click Apply, and then Restart for changes to take
8.
effect.
There is a single certificate trust database per web server instance. All the
NOTE
secure virtual servers running under that server instance share the same
list of trusted client CAs. If two virtual servers require different trusted
CAs, then these virtual servers should be run in different server instances
with separate trust databases.

Mapping Client Certificates to LDAP

This section describes the process Enterprise Server uses to map a client certificate
to an entry in an LDAP directory.
When the server gets a request from a client, it asks for the client's certificate before
proceeding. Some clients send the client certificate to the server along with the
request.
NOTE Before mapping client certificates to LDAP, you also need to set up
the required ACLs; for more information, see Chapter 8,
"Controlling Access to Your Server."
Setting Client Security Requirements
Chapter 5 Securing Your Enterprise Server 123