LDAP-UX Client Services B.04.00 Administrator's Guide
Installing And Configuring LDAP-UX Client Services
Configure the LDAP-UX Client Serivces with SSL Support
Chapter 2 43
Step 6. Check the “Trust the CA to identify web sites”, “Trust the CA to identify
e-mail users”, and “Trust the CA to identify software developers”
checkboxes in the Downloading Certificate window screen. Then click OK
button.
Step 7. The Netscape Directory CA certificate will be downloaded to the
following two files on your LDAP-UX Client:
/.mozilla/default/*.slt/cert8.db
/.morilla/default/*.slt/key3.db
Step 8. You can simply copy the /.mozilla/default/*slt/cert8.db file to
/etc/opt/ldapux/cert8.db and /.mozilla/default/*slt/key3.db file to
/etc/opt/ldapux/key3.db.
Step 9. Set the file access permissions for/etc/opt/ldapux/cert7..db and
/etc/opt/ldapux/key3.db to be read only by root as follows:
-r-------- 1 root sys 65536 Jun 14 16:27 \
/etc/opt/ldapux/cert8.db
-r-------- 1 root sys 32768 Jun 14 16:27 \
/etc/opt/ldapux/key3.db
NOTE You may use the unsupported /opt/ldapux/contrib/bin/certutil
command line tool to create the certificate database files, cert8.db and
key3.db. For detailed command options and their arguments, see Using
the Certificate Database Tool available at
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html.
NOTE If your browser does not generate cert7.db or cert8.db and key3.db
security database files, you must export the certificate (preferably the
root certificate of the Certificate Authority that signed the LDAP server’s
certificate) from your certificate server as a Base64-Encoded certificate
and use the certutil utility to create the cert8.db and key3.db
security database files.