User`s guide

Chapter 5 Server Administration 141

Using SSL for Remote Server Administration

You can control the level of security of communications between Server Admin and

remote servers by choosing Server Admin > Preferences.

By default, “Use secure connections (SSL)” is enabled, and all communications with

remote servers are encrypted using SSL. This option uses a self-signed 128-bit

certificate installed in /etc/servermgrd/ssl.crt/ when you install the server.

Communications use the HTTPS protocol (port 311). If this option isn’t enabled, the

HTTP protocol (port 687) is used and clear text is sent between Server Admin and the

remote server.

If you want a greater level of security, also select “Require valid digital signature”. This

option uses an SSL certificate installed on a remote server to ensure that the remote

server is a valid server. Before enabling this option, use the instructions in the mail

administration guide for generating a Certificate Signing Request (CSR), obtaining an

SSL certificate from an issuing authority, and installing the certificate on each remote

server. Instead of placing files in /etc/httpd/, place them in /etc/servermgrd/. You can

also generate a self-signed certificate and install it on the remote server.

You can use Server Admin to set up and manage self-signed or issued SSL certificates

used by mail, web, Open Directory, and other services that support them. The mail

service administration guide provides instructions for using Server Admin to create,

organize, and use security certificates for SSL-enabled services. Individual service

administration guides describe how to configure specific services to use SSL.

If you’re interested in higher levels of SSL authentication, see the information at