HP-UX Directory Server 8.1 Administrator (766147-001, March 2014)
12 Managing SSL
Introduction to SSL in the Directory Server
Enabling SSL: Summary of steps
Command line functions for Start TLS
Troubleshooting Start TLS
Obtaining and installing server certificates
Step 1: Generate a certificate request
Step 2: Send the certificate request
Step 3: Install the certificate
Step 4: Trust the certificate authority
Step 5: Confirm that the new certificates are installed
Using certutil
Creating Directory Server certificates through the command line
certutil usage
Starting the server with TLS/SSL enabled
Enabling TLS/SSL only in the Directory Server
Enabling TLS/SSL in the Directory Server, Administration Server, and console
Creating a password file for the Directory Server
Creating a password file for the Administration Server
Using external security devices
Setting security preferences
Available ciphers
Selecting the encryption cipher
Using certificate-based authentication
Configuring Directory Server to accept certificate-based authentication from LDAP clients
Mapping DNs to certificates
Editing the certmap.conf file
Example certmap.conf mappings
Allowing and requiring client authentication to the console
Connecting to the Directory Server with certificate-based authentication
Managing certificates for the Directory Server
Renewing certificates
Changing the CA trust options
Changing security device passwords
Managing certificate lists
Access based on the security strength of the connection
13 Managing SASL
Overview of SASL in Directory Server
About SASL identity mapping
Default SASL mappings for Directory Server
Authentication mechanisms for SASL in Directory Server
About Kerberos with Directory Server
About principals and realms
About the KDC server and keytabs
Configuring SASL identity mapping
Configuring SASL identity mapping from the console
Configuring SASL identity mapping from the command line
Configuring SASL authentication at Directory Server startup
Using an external keytab
14 Monitoring Server and Database Activity
Viewing and configuring log files
Defining a log file rotation policy
Defining a log file deletion policy
Access log