LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)
NOTE: If you already have the certificate database files, cert7.db or cert8.db and key3.db, on your
client for your HP-UX applications, you can simply create a symbolic link /etc/opt/ldapux/cert7.db
that points to cert7.db or /etc/opt/ldapux/cert8.db that points to cert8.db, and /etc/opt/ldapux/key3.db
that points to key3.db.
You can download the certificate database from the Netscape Communicator or Mozilla browser
to set up the certificate database on your LDAP-UX Client.
Steps to Download the CA Certificate from Mozilla Browser
The following steps show an example of how to download the Certificate Authority (CA)
certificate on your client system using the Mozilla browser 1.4 for HP-UX:
1. Log in to your system as root.
2. Use the Mozilla browser to connect to your Certificate Authority Server.
The following shows an example of using a link to connect to your Certificate Authority
Server:
https://CA servername:port number/ca/
3. Click the retrieval tab in the Netscape certificate management window screen.
4. Click the "import CA certificate chain" link to take you to the "import CA certificate chain"
window screen.
5. Check the "import the CA certificate chain into your browser" check box in the "import CA
certificate chain" window screen. Then, click the submit button.
6. Check the "Trust the CA to identify web sites", "Trust the CA to identify e-mail users", and "Trust
the CA to identify software developers" checkboxes in the Downloading Certificate window screen.
Then click the OK button.
7. The Netscape Directory CA certificate will be downloaded to the following two files on your
LDAP-UX Client:
/.mozilla/default/*.slt/cert8.db
/.mozilla/default/*.slt/key3.db
8. You can simply copy the /.mozilla/default/*.slt/cert8.db file to /etc/opt/ldapux/cert8.db and
the /.mozilla/default/*.slt/key3.db file to /etc/opt/ldapux/key3.db.
9. Set the file access permissions for /etc/opt/ldapux/cert8.db and /etc/opt/ldapux/key3.db to be read
only by root as follows:
-r-------- 1 root sys 65536 Jun 14 16:27 /etc/opt/ldapux/cert8.db
-r-------- 1 root sys 32768 Jun 14 16:27 /etc/opt/ldapux/key3.db
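Steps 8 and 9 as a script, given here as an added example rather than HP-supplied code: it copies the two database files, makes them read-only for the owner, and then audits mode and ownership, following a symbolic link (as in the first NOTE) to its target. The function names and the LDAPUX_DIR override variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not HP-supplied): steps 8 and 9 plus an audit of the result.
# LDAPUX_DIR is an assumed override so the functions can be tried in a scratch
# directory; by default it is the path named in the guide.
LDAPUX_DIR=${LDAPUX_DIR:-/etc/opt/ldapux}

# install_certdb SRC_DIR: copy cert8.db and key3.db, then make them mode 400.
install_certdb() {
    src=$1
    for f in cert8.db key3.db; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    old_umask=$(umask)
    umask 077    # the copy is never group- or world-readable, even briefly
    for f in cert8.db key3.db; do
        rm -f "$LDAPUX_DIR/$f" &&
            cp "$src/$f" "$LDAPUX_DIR/$f" &&
            chmod 400 "$LDAPUX_DIR/$f" || { umask "$old_umask"; return 1; }
    done
    umask "$old_umask"
}

# audit_certdb [UID]: succeed only if both files are mode -r-------- and owned
# by UID (default 0, root). ls -L follows a symbolic link, so a linked database
# is judged by its target's permissions, not by the link's lrwxrwxrwx.
audit_certdb() {
    want_uid=${1:-0}
    rc=0
    for f in cert8.db key3.db; do
        set -- $(ls -lnL "$LDAPUX_DIR/$f" 2>/dev/null)   # $1 = mode, $3 = uid
        case ${1:-} in
            -r--------*) ;;
            *) echo "$f: mode ${1:-missing}, want -r--------" >&2; rc=1 ;;
        esac
        [ "${3:-}" = "$want_uid" ] ||
            { echo "$f: owner uid ${3:-unknown}, want $want_uid" >&2; rc=1; }
    done
    return $rc
}
```

Run as root, call install_certdb with the Mozilla profile directory as its argument and then audit_certdb; a non-zero exit status from the audit means a file is missing, has extra permission bits, or is not owned by root.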
NOTE: You may use the unsupported /opt/ldapux/contrib/bin/certutil command
line tool to create the certificate database files, cert8.db and key3.db. For detailed command options
and their arguments, see Using the Certificate Database Tool available at
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html.
NOTE: If your browser does not generate cert7.db or cert8.db and key3.db security
database files, you must export the certificate (preferably the root certificate of the Certificate
Authority that signed the LDAP server's certificate) from your certificate server as a
Base64-Encoded certificate and use the certutil utility to create the cert8.db and key3.db
security database files.