HP CIFS Server 3.0g Administrator's Guide version A.02.03.01
Enabling Secure Sockets Layer (SSL)
The HP CIFS Server provides Secure Sockets Layer (SSL) support to secure communication
between CIFS servers and SSL-enabled LDAP directory servers.
If you plan to use SSL and it is not already in use for LDAP, you need to enable it on the Directory
Server and LDAP-UX clients. After you have enabled SSL on the LDAP server and clients, you
can configure the HP CIFS Server to use SSL.
You must set up the Certification Authority (CA) Server properly before you enable SSL
communication over LDAP.
Read the following subsections for more information on configuring the LDAP directory server,
LDAP-UX client and HP CIFS Server with SSL support if you plan to use it.
Configuring the Directory Server to enable SSL
Use the following steps to configure your Netscape Directory Server to enable SSL communication
over LDAP:
1. Obtain and install a certificate for your Directory Server, and configure the Netscape Directory
Server to trust the Certification Authority's (CA's) certificate.
For detailed instructions, see the "Obtaining and Installing Server Certificates" section of the
"Managing SSL" chapter in Netscape Directory Server 6.1 Administrator's Guide at
http://docs.hp.com.
2. Turn on SSL in your directory.
For detailed instructions on how to enable SSL in your directory server, see the "Activating
SSL" section of the "Managing SSL" chapter in Netscape Directory Server 6.1 Administrator's
Guide at http://docs.hp.com.
3. Configure the Administration Server to connect to an SSL-enabled directory server.
For detailed instructions on how to configure the administration server to connect to an
SSL-enabled directory server, see Managing Servers with Netscape Console available at
http://docs.hp.com.
Configuring the LDAP-UX Client to Use SSL
If you plan to use SSL, you need to install the Certification Authority (CA) certificate on your
LDAP-UX Client and configure the LDAP-UX Client to enable SSL.
Use the following steps to enable SSL on your LDAP client system:
1. Optionally, ensure that each user of the directory server obtains and installs a personal
certificate for all LDAP clients that will authenticate with SSL.
Downloading the certificate database from Netscape Communicator is one way to set
up the certificate database on your LDAP-UX Client.
The certificate database files, cert7.db and key3.db, will be downloaded to either the
/.netscape or the /.mozilla/default/*.slt directory on your client system, depending
on the version of Netscape Communicator that you use. If you download the Certification
Authority certificate using Netscape Communicator 7.0, the certificate database files,
cert7.db and key3.db, will be downloaded to the /.mozilla/default/*.slt directory.
If you download the Certification Authority certificate using Netscape Communicator 4.75,
the certificate database files, cert7.db and key3.db, will be downloaded to the /.netscape
directory.
After you download the certificate database files, cert7.db and key3.db, on your client,
you need to create a symbolic link /etc/opt/ldapux/cert7.db that points to
cert7.db and a symbolic link /etc/opt/ldapux/key3.db that points to key3.db.
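The linking step above as a shell function, added here as an example and not taken from the HP guide. The function name, its two optional arguments (a root to search and a destination directory), and the check that refuses a world-writable source directory are assumptions of this example.

```shell
# Added example (not from the HP guide): find the downloaded certificate
# databases and link them into the LDAP-UX configuration directory.
# $1 = root under which .netscape / .mozilla live (default: "", i.e. "/")
# $2 = directory that receives the links (default: /etc/opt/ldapux)
link_ldapux_certdb() {
    src_root=${1-}
    dest_dir=${2:-/etc/opt/ldapux}
    src_dir=
    # Check both download locations named in the text above.
    for d in "$src_root"/.mozilla/default/*.slt "$src_root"/.netscape; do
        if [ -f "$d/cert7.db" ] && [ -f "$d/key3.db" ]; then
            src_dir=$d
            break
        fi
    done
    if [ -z "$src_dir" ]; then
        echo "cert7.db and key3.db not found under ${src_root:-/}" >&2
        return 1
    fi
    # Assumption of this example: refuse a world-writable source directory,
    # because anyone able to replace cert7.db there could change which CA
    # certificates the LDAP-UX client trusts.
    if [ -n "$(find "$src_dir" -prune -perm -002)" ]; then
        echo "refusing: $src_dir is world-writable" >&2
        return 1
    fi
    for f in cert7.db key3.db; do
        ln -sf "$src_dir/$f" "$dest_dir/$f" || return 1
        # Confirm the new link resolves to a readable file.
        if [ ! -r "$dest_dir/$f" ]; then
            echo "broken link: $dest_dir/$f" >&2
            return 1
        fi
    done
    # Report which directory the links now point into.
    echo "$src_dir"
}

# Usage on the client, as root:  link_ldapux_certdb
```

Run `ls -l /etc/opt/ldapux/cert7.db /etc/opt/ldapux/key3.db` afterwards to confirm both links point at the intended files.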