HP-UX Directory Server 8.1 administrator guide

4. Click the Edit Trust button.

5. Set the CA trust options.

• Accepting connections from clients (Client Authentication)

This option sets whether to accept client, or user, certificates issued by the CA.

• Making connections to other servers (Server Authentication)

This option sets whether to accept server certificates issued by the CA.

• Click OK.

12.8.3 Changing security device passwords

Periodically change the settings for the security databases or devices.

1. In the Tasks tab, click the Manage Certificates button.

2. Click the CA Certs tab.

3. Choose a security device from the drop-down list.

4. Click the Password button.

5. In the Change Security Device Password dialog box, enter the old password, then enter

and confirm the new password.

6. Click OK.

12.8.4 Managing certificate lists

Certificate revocation lists (CRLs) allow CAs to specify certificates that client or server users

should no longer trust. If data in a certificate changes, a CA can revoke the certificate and list it

in a CRL. CRLs are produced and periodically updated by a CA, so updated CRLs can be added

to the Directory Server.

1. Obtain the CRL from the CA; these can usually be downloaded from the CA's website.

2. In the Tasks tab, click the Manage Certificates button.

3. Click the CA Certs tab.

4. At the top of the Managing Certificates window, choose a security device from the

drop-down menu.

5. Select the Revoked Certs tab.

6. Every loaded CRL is listed. To view a CRL, select the CRL and click Detail.

7. To add a CRL, click Add at the bottom of the window, and enter the full path to the CRL

file.

8. Click OK.

12.8 Managing certificates for the Directory Server 499