LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)
Steps to create database files using the certutil utility
The following steps show an example of how to create the security database files, cert8.db
and key3.db, on your client system using the certutil utility:
1. Retrieve the Base64-Encoded certificate from the certificate server and save it.
For example, get the Base64-Encoded certificate from the certificate server and save it as the
/tmp/mynew.cert file. This file should look like:
-----BEGIN CERTIFICATE-----
(Base64-encoded certificate data)
-----END CERTIFICATE-----
2. Use the rm command to remove the old database files, /etc/opt/ldapux/cert8.db and
/etc/opt/ldapux/key3.db:
rm -f /etc/opt/ldapux/cert8.db /etc/opt/ldapux/key3.db
3. Use the certutil utility with the -N option to initialize the new database:
/opt/ldapux/contrib/bin/certutil -N -d /etc/opt/ldapux
4. Add the Certificate Authority (CA) certificate or the LDAP server's certificate to the security
database:
• To use the certutil command to add a CA certificate to the database:
For example, the following command adds the CA certificate, my-ca-cert, to the
security database directory, /etc/opt/ldapux, from the Base64-Encoded certificate
file, /tmp/mynew.cert:
/opt/ldapux/contrib/bin/certutil -A -n my-ca-cert -t "C,," \
-d /etc/opt/ldapux -a -i /tmp/mynew.cert
NOTE: The -t "C,," represents the minimum trust attributes that may be assigned
to the CA certificate for LDAP-UX to successfully use SSL or TLS to connect to the LDAP
directory server. If you have other applications that use the CA certificate for other
functions, then you may wish to assign additional trust flags. See
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html for additional information.
• To use the certutil command to add the LDAP server's certificate to the security
database:
For example, the following command adds the LDAP server's certificate,
my-server-cert, to the security database directory, /etc/opt/ldapux, from the
Base64-Encoded certificate file, /tmp/mynew.cert:
/opt/ldapux/contrib/bin/certutil -A -n my-server-cert \
-t "P,," -d /etc/opt/ldapux -a -i /tmp/mynew.cert
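As an added check for the procedure above (example code written for this page, not part of LDAP-UX or its documentation): a small Python helper that confirms the saved file from step 1 really is a Base64-encoded certificate (PEM markers present, body decodes, DER length consistent) and that the trust string is in certutil's three-field form, then builds the step 4 command. The sample PEM body is a constructed DER SEQUENCE, not a real certificate; the helper names and the /tmp path are assumptions.

```python
import base64
import re
import shlex

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
TRUST_LETTERS = set("pPcCTu")  # NSS trust letters accepted by certutil -t

def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate in PEM text, or raise ValueError.
    Checks the markers, that the body is valid Base64, and that it decodes to a DER
    SEQUENCE whose length field matches the data (the outer shape of every X.509 cert),
    which catches a file that was truncated while being copied from the server."""
    m = re.search(re.escape(BEGIN) + r"(.*?)" + re.escape(END), pem_text, re.S)
    if not m:
        raise ValueError("missing BEGIN/END CERTIFICATE markers")
    body = "".join(m.group(1).split())
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as e:  # binascii.Error is a subclass of ValueError
        raise ValueError("body is not valid Base64") from e
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        hdr, length = 2, der[1]
    else:                                  # long-form length: 0x8N then N bytes
        n = der[1] & 0x7F
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if hdr + length != len(der):
        raise ValueError("DER length does not match file size (truncated copy?)")
    return der

def check_trust_flags(trust):
    """Validate a certutil trust string such as "C,," (CA) or "P,," (server cert)."""
    fields = trust.split(",")
    if len(fields) != 3 or any(set(f) - TRUST_LETTERS for f in fields):
        raise ValueError(f"bad trust string {trust!r}")
    return fields

def certutil_add_argv(nickname, trust, dbdir, pemfile,
                      certutil="/opt/ldapux/contrib/bin/certutil"):
    """Build the argv for the import step; -a tells certutil the input is ASCII (PEM)."""
    check_trust_flags(trust)
    return [certutil, "-A", "-n", nickname, "-t", trust, "-d", dbdir, "-a", "-i", pemfile]

# Constructed sample: SEQUENCE { INTEGER 5 } encoded as 30 03 02 01 05, not a real cert.
SAMPLE_PEM = f"{BEGIN}\nMAMCAQU=\n{END}\n"

if __name__ == "__main__":
    pem_to_der(SAMPLE_PEM)  # would raise on a damaged file, before touching the database
    print(shlex.join(certutil_add_argv("my-ca-cert", "C,,", "/etc/opt/ldapux", "/tmp/mynew.cert")))
```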
Configure the LDAP-UX Client Services with SSL or TLS Support 47