HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

Do not allow client authentication
With this option, the server ignores the client's certificate. This does not mean that the
bind will fail.
Allow client authentication
This is the default setting. With this option, authentication is performed on the client's
request.
Require client authentication
With this option, the server requests authentication from the client.
If client authentication is required, then SSL cannot be used with the Console because
the Directory Server Console does not support client authentication.
NOTE:
To use certificate-based authentication with replication, configure the consumer server either
to allow or to require client authentication.
NOTE:
The Directory Server must already be configured to run over TLS/SSL or Start TLS for client
authentication to be enabled.
4. Save the changes, and restart the server. For example, open the Tasks tab and click the Restart
server task.
To change the server configuration from requiring client authentication to allowing it through the
command line, reset the nsSSLClientAuth parameter:
ldapmodify -D "cn=directory manager" -w secret -p 389 -h supplier1.example.com
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSLClientAuth
nsSSLClientAuth: allowed
The nsSSLClientAuth parameter can be set to off, allowed, or required.
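
The following added example (not part of the original guide or of the Directory Server tooling) audits an LDIF export of the cn=encryption,cn=config entry and reports the effective nsSSLClientAuth mode together with the caveats stated above. The function names and the sample LDIF are constructed for illustration.

```python
# Added example: audit nsSSLClientAuth in an LDIF export of cn=encryption,cn=config.
VALID_MODES = {"off", "allowed", "required"}
DEFAULT_MODE = "allowed"  # the guide states that "allow" is the default setting

# Constructed sample, not taken from a real server. The nsSSLClientAuth value
# is folded across two lines the way LDIF wraps long values.
SAMPLE_LDIF = """\
dn: cn=encryption,cn=config
objectClass: top
nsSSLClientAuth: req
 uired
"""

def parse_entry(ldif_text):
    """Return {lowercased attribute: [values]} for one LDIF entry."""
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]      # continuation line: append to previous
        elif line and not line.startswith("#"):
            unfolded.append(line)
    entry = {}
    for line in unfolded:
        name, sep, value = line.partition(":")
        if sep:
            entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def audit_client_auth(ldif_text):
    """Return (mode, notes); notes restate the guide's caveats for that mode."""
    entry = parse_entry(ldif_text)
    values = entry.get("nssslclientauth", [])
    mode = values[0].lower() if values else DEFAULT_MODE
    if mode not in VALID_MODES:
        raise ValueError(f"unexpected nsSSLClientAuth value: {mode!r}")
    notes = []
    if mode == "off":
        notes.append("client certificates are ignored; a consumer set this way "
                     "cannot accept certificate-based replication binds")
    elif mode == "required":
        notes.append("the Directory Server Console cannot connect over SSL "
                     "because it does not support client authentication")
    return mode, notes

if __name__ == "__main__":
    print(audit_client_auth(SAMPLE_LDIF))
```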