HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

12 Managing SSL......................................................................................469
12.1 Introduction to SSL in the Directory Server.........................................................................469
12.1.1 Enabling SSL: Summary of steps................................................................................469
12.1.2 Command line functions for Start TLS.........................................................................470
12.1.2.1 Troubleshooting Start TLS..................................................................................470
12.2 Obtaining and installing server certificates.......................................................................471
12.2.1 Step 1: Generate a certificate request........................................................................472
12.2.2 Step 2: Send the certificate request..........................................................................475
12.2.3 Step 3: Install the certificate....................................................................................476
12.2.4 Step 4: Trust the certificate authority.........................................................................476
12.2.5 Step 5: Confirm that the new certificates are installed.................................................477
12.3 Using certutil................................................................................................................477
12.3.1 Creating Directory Server certificates through the command line...................................477
12.3.2 certutil usage........................................................................................................479
12.4 Starting the server with TLS/SSL enabled..........................................................................480
12.4.1 Enabling TLS/SSL only in the Directory Server............................................................481
12.4.2 Enabling TLS/SSL in the Directory Server, Administration Server, and console................482
12.4.3 Creating a password file for the Directory Server.......................................................484
12.4.4 Creating a password file for the Administration Server................................................484
12.5 Using external security devices........................................................................................485
12.6 Setting security preferences.............................................................................................485
12.6.1 Available ciphers...................................................................................................485
12.6.2 Selecting the encryption cipher................................................................................487
12.7 Using certificate-based authentication..............................................................................487
12.7.1 Configuring Directory Server to accept certificate-based authentication from LDAP clients...............489
12.7.2 Mapping DNs to certificates....................................................................................490
12.7.3 Editing the certmap.conf file....................................................................................493
12.7.4 Example certmap.conf mappings.............................................................................493
12.7.5 Allowing and requiring client authentication to the console..........................................494
12.7.6 Connecting to the Directory Server with certificate-based authentication........................496
12.8 Managing certificates for the Directory Server...................................................................496
12.8.1 Renewing certificates..............................................................................................496
12.8.2 Changing the CA trust options................................................................................496
12.8.3 Changing security device passwords........................................................................497
12.8.4 Managing certificate lists........................................................................................497
12.9 Access based on the security strength of the connection......................................................497
13 Managing SASL...................................................................................499
13.1 Overview of SASL in Directory Server...............................................................................499
13.1.1 About SASL identity mapping...................................................................................500
13.1.2 Default SASL mappings for Directory Server...............................................................502
13.1.3 Authentication mechanisms for SASL in Directory Server...............................................503
13.1.4 About Kerberos with Directory Server........................................................................503
13.1.4.1 About principals and realms.............................................................................503
13.1.4.2 About the KDC server and keytabs....................................................................504
13.2 Configuring SASL identity mapping.................................................................................505
13.2.1 Configuring SASL identity mapping from the console...................................................505
13.2.2 Configuring SASL identity mapping from the command line.........................................506
13.3 Configuring SASL authentication at Directory Server startup................................................507
13.4 Using an external keytab................................................................................................507
14 Monitoring Server and Database Activity.................................................508
14.1 Viewing and configuring log files.....................................................................................508
14.1.1 Defining a log file rotation policy..............................................................................508
14.1.2 Defining a log file deletion policy.............................................................................509
14 Contents