HP CIFS Server Administrator's Guide Version A.03.01.01 (5900-1282, May 2011)

3. Configure the Administration Server to connect to an SSL-enabled directory server.
For detailed instructions on how to configure the administration server to connect to an
SSL-enabled directory server, see Managing Servers with Netscape Console, available at
http://docs.hp.com.
Configuring the LDAP-UX Client to Use SSL
If you plan to use SSL, you need to install the Certification Authority (CA) certificate on your LDAP-UX
Client and configure the LDAP-UX Client to enable SSL.
Use the following steps to enable SSL on your LDAP client system:
1. Optionally, ensure that each user of the directory server obtains and installs a personal
certificate for all LDAP clients that will authenticate with SSL.
One way to set up the certificate database on your LDAP-UX Client is to download it
using Netscape Communicator.
The certificate database files, cert7.db and key3.db, will be downloaded to either the
/.netscape or the /.mozilla/default/*.slt directory on your client system, depending
on the version of Netscape Communicator that you use. If you download the Certification
Authority certificate using Netscape Communicator 7.0, the certificate database files
will be downloaded to the /.mozilla/default/*.slt directory.
If you download the Certification Authority certificate using Netscape Communicator 4.75, the
certificate database files will be downloaded to the /.netscape directory.
After you download the certificate database files, cert7.db and key3.db, on your client,
you need to create a symbolic link /etc/opt/ldapux/cert7.db that points to
cert7.db and a symbolic link /etc/opt/ldapux/key3.db that points to key3.db.
For detailed instructions on how to install the Certification Authority's certificate on your
LDAP-UX client system, see the "Configuring LDAP Clients to Use SSL" section of the
"Installing LDAP-UX Client Services" chapter in LDAP-UX Client Services B.03.20
Administrator's Guide at http://docs.hp.com.
2. Configure the LDAP-UX client services to use SSL by running the setup program. For detailed
instructions on how to run the setup program to enable SSL on LDAP-UX client services, see the
"Custom Configuration" subsection of the "Installing LDAP-UX Client Services" chapter in
LDAP-UX Client Services B.03.20 Administrator's Guide at http://docs.hp.com.
If the LDAP-UX client services have already been set up, modify the authenticationMethod
and preferredServerList attributes in the /etc/opt/ldapux/ldapux_profile file
as follows:
Modify the authenticationMethod attribute to add the transport layer security
authentication method, tls:, in front of the original authentication method, simple.
For example, without SSL enabled, the original authenticationMethod entry is
authenticationMethod: simple. With SSL enabled, the authenticationMethod entry
will be authenticationMethod: tls:simple.
Modify the preferredServerList attribute to change the regular LDAP port number,
389, to the SSL port number, 636.
For example, without SSL enabled, the original preferredServerList entry is
preferredServerList: 1.2.5.20:389. With SSL enabled, the preferredServerList entry
will be preferredServerList: 1.2.5.20:636.
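The two attribute changes and the symbolic links from step 1 can be checked with a short script. The following is an added example, not part of the HP guide: the function names are hypothetical, and it assumes the profile stores each attribute on one line in the "name: value" form shown above, with servers separated by spaces.

```shell
# Added example: works on constructed sample files, never on the live /etc/opt/ldapux files.
# Function names are hypothetical.

# Print the profile with the two attributes rewritten for SSL.
to_ssl_profile() {
    awk '
    /^authenticationMethod:/ {
        v = $0; sub(/^authenticationMethod:[ \t]*/, "", v)
        if (v !~ /^tls:/) v = "tls:" v          # idempotent: no tls:tls:
        print "authenticationMethod: " v; next
    }
    /^preferredServerList:/ {
        out = "preferredServerList:"
        for (i = 2; i <= NF; i++) { s = $i; sub(/:389$/, ":636", s); out = out " " s }
        print out; next
    }
    { print }' "$1"
}

# Succeed only if tls: is set and every listed server names port 636.
profile_uses_ssl() {
    awk '
    /^authenticationMethod:/ {
        auth = 1; v = $0; sub(/^authenticationMethod:[ \t]*/, "", v)
        if (v !~ /^tls:/) bad = 1
    }
    /^preferredServerList:/ {
        srv = 1; if (NF < 2) bad = 1
        for (i = 2; i <= NF; i++) if ($i !~ /:636$/) bad = 1
    }
    END { if (bad || !auth || !srv) exit 1 }' "$1"
}

# Succeed only if cert7.db and key3.db in directory $1 are symlinks to existing files.
cert_links_ok() {
    for f in cert7.db key3.db; do
        [ -L "$1/$f" ] && [ -e "$1/$f" ] || return 1
    done
}

# Constructed sample: the pre-SSL entries shown in the guide.
demo() {
    d=$(mktemp -d) || return 1
    printf 'authenticationMethod: simple\npreferredServerList: 1.2.5.20:389\n' > "$d/before"
    to_ssl_profile "$d/before" > "$d/after"
    profile_uses_ssl "$d/after" && cat "$d/after"
    rm -rf "$d"
}
demo
```

A server entry with no explicit port is left unchanged by to_ssl_profile and is reported as a failure by profile_uses_ssl, so it is reviewed by hand.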