HP-UX Directory Server 8.1 administrator guide
• Do not allow client authentication
With this option, the server ignores the client's certificate. This does not mean that the
bind will fail.
• Allow client authentication
This is the default setting. With this option, authentication is performed on the client's
request.
• Require client authentication
With this option, the server requests authentication from the client.
If client authentication is required, then SSL cannot be used with the Console because
the Directory Server Console does not support client authentication.
NOTE:
To use certificate-based authentication with replication, configure the consumer server either
to allow or to require client authentication.
NOTE:
The Directory Server must already be configured to run over TLS/SSL or Start TLS for client
authentication to be enabled.
4. Save the changes, and restart the server. For example, open the Tasks tab and click the
Restart server task.
To change the server configuration from requiring client authentication to allowing it through
the command line, reset the nsSSLClientAuth parameter:
ldapmodify -D "cn=directory manager" -w secret -p 389 -h supplier1.example.com
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSLClientAuth
nsSSLClientAuth: allowed
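
A check to run before changing this setting, as an added example that is not part of the HP guide: it reads an LDIF dump of cn=encryption,cn=config and flags the two conflicts the text describes (a replication consumer that ignores client certificates, and a Console-managed server that requires them). The function names and role labels are hypothetical, the sample entry is constructed, and off and required are assumed here to be the attribute values behind the first and third Console options.

```shell
#!/bin/sh
# Added example, not from the guide. Function names and roles are hypothetical.

# Print the effective nsSSLClientAuth value from LDIF on stdin.
# Attribute names are case-insensitive; folded lines are unfolded first.
# If the attribute is absent, print "allowed" (the default per the guide).
client_auth_mode() {
    awk '
        /^ / { buf = buf substr($0, 2); next }      # LDIF continuation line
        { if (buf != "") lines[++n] = buf; buf = $0 }
        END {
            if (buf != "") lines[++n] = buf
            mode = "allowed"
            for (i = 1; i <= n; i++) {
                line = lines[i]
                if (tolower(line) ~ /^nssslclientauth:/) {
                    sub(/^[^:]*:[ \t]*/, "", line)   # drop the attribute name
                    sub(/[ \t\r]+$/, "", line)       # drop trailing blanks / CR
                    mode = tolower(line)
                }
            }
            print mode
        }'
}

# audit_client_auth ROLE < ldif
#   consumer: replication consumer that uses certificate-based authentication
#   console:  server administered through the Console over SSL
# Returns 0 if the setting fits the role, 1 if it conflicts, 2 if unrecognised.
audit_client_auth() {
    role=$1
    mode=$(client_auth_mode)
    case $mode in
        off|allowed|required) ;;
        *) echo "UNKNOWN nsSSLClientAuth value: $mode"; return 2 ;;
    esac
    if [ "$role" = consumer ] && [ "$mode" = off ]; then
        echo "CONFLICT: consumer ignores client certificates (off)"; return 1
    fi
    if [ "$role" = console ] && [ "$mode" = required ]; then
        echo "CONFLICT: Console cannot use SSL when client auth is required"; return 1
    fi
    echo "OK: nsSSLClientAuth=$mode for role $role"
}

# Constructed sample entry (not taken from a real server).
sample_ldif() { printf 'dn: cn=encryption,cn=config\nnsSSLClientAuth: required\n'; }

sample_ldif | audit_client_auth console || true
```

Feed it the output of a search on cn=encryption,cn=config for the server being changed, with the role that server plays.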