HP-UX Directory Server 8.1 console guide

NOTE:

To use client certificate-based authentication with replication, configure the consumer server

either to allow or to require client authentication.

10. To verify the authenticity of requests, select the Check hostname against name in

certificate for outbound SSL connections option. The server does this verification by

matching the host name against the value assigned to the common name (cn) attribute of

the subject name in the being presented for authentication. The host name that is checked

in the certificate is the same one set in the server name field in the request in “Generating a

certificate request”.

By default, this feature is disabled. If it is enabled and if the host name does not match the

cn attribute of the certificate, appropriate error and audit messages are logged. HP

recommends enabling this option to protect Directory Server's outbound TLS/SSL connections

against a man-in-the-middle (MITM) attack.

11. Check the Use SSL in the Console box.

NOTE:

This is the only option which sets whether the Directory Console will run over SSL.

12. Click Save.

13. In the Administration Server Console, select the Configuration tab. Select the Encryption

tab, check the Enable SSL checkbox, and fill in the appropriate certificate information.

After TLS/SSL is enabled, the Administration Server can only be connected to using HTTPS.

All the previous HTTP (standard) URLs for connecting to the Administration Server and its

services no longer work. This is true whether connecting to the Administration Server using

the Console or using a web browser.

74 Using SSL/TLS with the Console