HP CIFS Server 3.0f Administrator's Guide version A.02.03

Enabling Secure Sockets Layer (SSL)
The HP CIFS Server provides Secure Sockets Layer (SSL) support to secure communication between CIFS
servers and SSL enabled LDAP directory servers.
If you plan to use SSL and it is not already in use for LDAP, you need to enable it on the Directory Server
and LDAP-UX clients. When you have enabled the LDAP server and clients, then you can configure the HP
CIFS Server to use SSL.
You must set up the Certification Authority (CA) server properly before you enable SSL communication
over LDAP.
Read the following subsections for more information on configuring the LDAP directory server, LDAP-UX client
and HP CIFS Server with SSL support if you plan to use it.
Configuring the Directory Server to enable SSL
Use the following steps to configure your Netscape Directory Server to enable SSL communication over LDAP:
1. Obtain and install a certificate for your Directory Server, and configure the Netscape Directory Server
to trust the Certification Authority's (CA's) certificate.
For detailed instructions, see the "Obtaining and Installing Server Certificates" section of the
"Managing SSL" chapter in Netscape Directory Server 6.1 Administrator's Guide at http://docs.hp.com.
2. Turn on SSL in your directory.
For detailed instructions on how to enable SSL in your directory server, see the "Activating SSL"
section of the "Managing SSL" chapter in Netscape Directory Server 6.1 Administrator's Guide at
http://docs.hp.com.
3. Configure the Administration Server to connect to an SSL-enabled directory server.
For detailed instructions on how to configure the administration server to connect to an SSL-enabled
directory server, see Managing Servers with Netscape Console available at http://docs.hp.com.
Configuring the LDAP-UX Client to Use SSL
If you plan to use SSL, you need to install the Certification Authority (CA) certificate on your LDAP-UX Client
and configure the LDAP-UX Client to enable SSL.
Use the following steps to enable SSL on your LDAP client system:
1. Optionally, ensure that each user of the directory server obtains and installs a personal certificate for
all LDAP clients that will authenticate with SSL.
Downloading the certificate database from Netscape Communicator is one way to set up the
certificate database on your LDAP-UX Client.
The certificate database files, cert7.db and key3.db, are downloaded to either the /.netscape or
the /.mozilla/default/*.slt directory on your client system, depending on the version of Netscape
Communicator that you use. If you download the Certification Authority certificate using Netscape
Communicator 7.0, the certificate database files, cert7.db and key3.db, are downloaded to the
/.mozilla/default/*.slt directory.
If you download the Certification Authority certificate using Netscape Communicator 4.75, the
certificate database files, cert7.db and key3.db, are downloaded to the /.netscape directory.
After you download the certificate database files, cert7.db and key3.db, to your client, you need
to create a symbolic link /etc/opt/ldapux/cert7.db that points to cert7.db and a symbolic link
/etc/opt/ldapux/key3.db that points to key3.db.
For detailed instructions on how to install the Certification Authority's certificate on your LDAP-UX
client system, see the "Configuring LDAP Clients to Use SSL" section of the "Installing LDAP-UX Client
Services" chapter in LDAP-UX Client Services B.03.20 Administrator's Guide at http://docs.hp.com.
2. Configure the LDAP-UX client services to use SSL by running the setup program. For detailed instructions
on how to run the setup program to enable SSL on LDAP-UX client services, see "Custom Configuration"
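The symbolic-link part of step 1 above can be scripted. The following sh functions are an added example, not code from the HP guide; the function names find_certdb_dir and link_ldapux_certdb and their optional root and destination arguments are assumptions made for illustration, while the paths are the ones named in step 1.

```shell
#!/bin/sh
# Added example (not from the HP guide): locate the downloaded cert7.db and
# key3.db and link them into the LDAP-UX configuration directory.
# Function names and the optional arguments are illustrative assumptions.

# Print the one directory under ROOT (default: /) that holds both files.
find_certdb_dir() {
    root=${1:-}
    found=
    count=0
    for d in "$root"/.netscape "$root"/.mozilla/default/*.slt; do
        if [ -f "$d/cert7.db" ] && [ -f "$d/key3.db" ]; then
            found=$d
            count=$((count + 1))
        fi
    done
    if [ "$count" -ne 1 ]; then
        # 0 = nothing downloaded yet; >1 = choose the intended profile by hand
        echo "expected 1 certificate database directory, found $count" >&2
        return 1
    fi
    printf '%s\n' "$found"
}

# Link SRC/cert7.db and SRC/key3.db into DEST (default: /etc/opt/ldapux).
link_ldapux_certdb() {
    src=$1
    dest=${2:-/etc/opt/ldapux}
    [ -d "$dest" ] || { echo "missing directory: $dest" >&2; return 1; }
    for f in cert7.db key3.db; do
        [ -f "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
        # An existing regular file may be a database already in use: keep it.
        if [ -e "$dest/$f" ] && [ ! -L "$dest/$f" ]; then
            echo "refusing to replace regular file: $dest/$f" >&2
            return 1
        fi
    done
    for f in cert7.db key3.db; do
        rm -f "$dest/$f"                     # drop a stale symlink, if any
        ln -s "$src/$f" "$dest/$f" || return 1
        [ -r "$dest/$f" ] || { echo "link does not resolve: $dest/$f" >&2; return 1; }
    done
}

# Usage on the client, as root:
#   dir=$(find_certdb_dir) && link_ldapux_certdb "$dir"
```

If both a /.netscape and a /.mozilla/default/*.slt database are present, find_certdb_dir stops rather than guessing, so the administrator picks the directory that holds the intended CA certificate and passes it to link_ldapux_certdb directly.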