HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

10. Click Save.
11. Restart the Directory Server. The Directory Server must be restarted from the command line.
/opt/dirsrv/slapd-instance_name/restart-slapd
When the server restarts, it prompts for the PIN or password to unlock the key database. This
is the same password used when the server certificate and key were imported into the database.
To restart the Directory Server without the password prompt, create a PIN file or use a hardware
crypto device. For information on how to create a PIN file, see “Creating a password file for
the Directory Server” (page 484).
For more information about the commands to start, stop, and restart the Directory Server, see
“Starting and Stopping Servers” (page 19).
12.4.2 Enabling TLS/SSL in the Directory Server, Administration Server, and console
1. Obtain server certificates and CA certs, and install them on the Directory Server. This is
described in “Obtaining and installing server certificates” (page 471).
2. Obtain and install server and CA certificates on the Administration Server. The process is
similar to the one for the Directory Server.
NOTE:
It is important that the Administration Server and Directory Server have a CA certificate in
common so that they can trust each other's certificates.
3. If the default port number of 636 is not used, change the secure port setting.
a. Change the secure port number in the Configuration>Settings tab of the Directory Server
Console, and save.
b. Restart the Directory Server. It restarts over the regular port.
/opt/dirsrv/slapd-instance_name/restart-slapd
For more information about the commands to start, stop, and restart the Directory Server,
see “Starting and Stopping Servers” (page 19).
4. In the Configuration tab of the Directory Server Console, highlight the server name at the top
of the table, and select the Encryption tab.
5. Select the Enable SSL checkbox.
6. Check the Use this Cipher Family checkbox.
7. Select the certificate to use from the drop-down menu.
8. Click Cipher Settings.
The Cipher Preference dialog box opens. By default, all ciphers are selected.
9. Set the preferences for client authentication.
   Do not allow client authentication
      With this option, the server ignores the client's certificate. This does not mean that the
      bind will fail.
   Allow client authentication
      This is the default setting. With this option, authentication is performed on the client's
      request. For more information about certificate-based authentication, see “Using
      certificate-based authentication” (page 487).
   Require client authentication
      With this option, the server requests authentication from the client.
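Because all ciphers are selected by default, it is worth reviewing what the console actually saved. The following is an added example, not part of the HP guide: it reads a copy of the server's configuration LDIF and reports the secure port, the client authentication mode, and any weak ciphers left enabled. The attribute names (nsslapd-security, nsslapd-secureport, nsSSLClientAuth, nsSSL3Ciphers) are those used by the 389 Directory Server family and are assumed to apply to this release; the sample entries and the weak-cipher pattern are constructed for illustration.

```python
import re

# Constructed sample of the two configuration entries (not from a real server).
SAMPLE_DSE = """\
dn: cn=config
nsslapd-security: on
nsslapd-secureport: 636

dn: cn=encryption,cn=config
nsSSLClientAuth: allowed
nsSSL3Ciphers: +rsa_null_md5,+rsa_rc4_40_md5,+rsa_des_sha,+rsa_3des_sha,
 +tls_rsa_export1024_with_rc4_56_sha,-rsa_rc2_40_md5
"""

# Assumed local policy: NULL, 40-bit, export-grade, single DES, RC4 and RC2 are weak.
WEAK = re.compile(r"null|_40_|export|(?<!3)des_|rc4|rc2")

def parse_ldif(text):
    """Return {dn: {attr: [values]}} with lowercased keys, unfolding long lines."""
    text = re.sub(r"\r?\n ", "", text)  # LDIF folds lines as newline + one space
    entries, cur = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if attr.strip().lower() == "dn":
            cur = entries.setdefault(value.strip().lower(), {})
        elif cur is not None:
            cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit(text):
    """Summarize the Encryption tab settings and list weak ciphers still enabled."""
    entries = parse_ldif(text)
    cfg = entries.get("cn=config", {})
    enc = entries.get("cn=encryption,cn=config", {})
    def first(entry, attr, default):
        return entry.get(attr.lower(), [default])[0].lower()
    values = enc.get("nsSSL3Ciphers".lower(), [])
    ciphers = [c.strip().lower() for v in values for c in v.split(",")]
    enabled = [c[1:] for c in ciphers if c.startswith("+")]  # "+" on, "-" off
    return {
        "ssl_enabled": first(cfg, "nsslapd-security", "off") == "on",
        "secure_port": first(cfg, "nsslapd-secureport", "636"),
        "client_auth": first(enc, "nsSSLClientAuth", "allowed"),
        "weak_ciphers": [c for c in enabled if WEAK.search(c)],
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_DSE).items():
        print(f"{key}: {value}")
```

Run it against a copy of the instance's configuration file rather than the live file, and adjust the WEAK pattern to match your own cipher policy.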