Red Hat Directory Server 8.0 Administrator's Guide
For information on the command-line options available, see the Directory Server Configuration,
Command, and File Reference.
1.2.1. Troubleshooting Start TLS
With the -ZZ option, the following errors could occur:
• If there is no certificate database, the operation fails. See Section 2, “Obtaining and Installing
Server Certificates” for information on using certificates.
• If the server does not support Start TLS, the connection proceeds in clear text. To enforce the
use of Start TLS, use the -ZZZ command option.
• If the certificate database does not have the certificate authority (CA) certificate, the
connection proceeds in clear text. See Section 2, “Obtaining and Installing Server
Certificates” for information on using certificates.
With the -ZZZ option, the following errors could occur, causing the Start TLS operation to fail:
• There is no certificate database. See Section 2, “Obtaining and Installing Server Certificates”
for information on using certificates.
• The certificate database does not have the certificate authority (CA) certificate. See
Section 2, “Obtaining and Installing Server Certificates” for information on using certificates.
• The server does not support Start TLS as an extended operation.
For SDK libraries used in client programs, if a session is already in TLS mode and Start TLS is
requested, the connection remains in secure mode, but the error "DSA is unwilling to perform"
is printed.
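The sketch below is an added example, not code from the guide or from the Directory Server SDK. It models how a client reacts to the server's reply to the Start TLS extended operation under opportunistic (-ZZ) and enforced (-ZZZ) behavior. The function names, the constructed sample responses, and the use of LDAP result codes 2 (protocolError, returned for an unrecognized extended operation) and 53 (unwillingToPerform) from RFC 4511 are assumptions of the example; the client-side certificate database checks are not modeled.

```python
# Added example: Start TLS client policy, opportunistic (-ZZ) vs. enforced (-ZZZ).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"       # Start TLS extended operation OID
SUCCESS, PROTOCOL_ERROR, UNWILLING = 0, 2, 53  # LDAP result codes (RFC 4511)

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER element (short-form length only, enough for this example)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { [0] requestName } }."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def constructed_response(code: int, msg_id: int = 1) -> bytes:
    """Constructed sample ExtendedResponse [APPLICATION 24]; not captured traffic."""
    result = tlv(0x0A, bytes([code])) + tlv(0x04, b"") + tlv(0x04, b"")
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x78, result))

def read_tlv(buf: bytes, pos: int = 0):
    """Decode one short-form BER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form BER element")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated BER element")
    return buf[pos], buf[pos + 2:end], end

def result_code(response: bytes) -> int:
    """Pull resultCode out of an ExtendedResponse LDAPMessage."""
    tag, msg, _ = read_tlv(response)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg)                  # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = read_tlv(op)
    if tag != 0x0A or not code:
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def decide(response: bytes, enforce: bool, already_tls: bool = False) -> str:
    """Return 'tls', 'cleartext' or 'abort' as the client's next step."""
    code = result_code(response)
    if code == SUCCESS or already_tls:         # an already-secure session stays secure
        return "tls"
    return "abort" if enforce else "cleartext" # -ZZZ fails closed, -ZZ falls back
```

Only the enforced path guarantees that a bind password is never sent over an unencrypted connection when the server refuses Start TLS.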
2. Obtaining and Installing Server Certificates
Before the Directory Server can be set to run in TLS/SSL, server and CA certificates must be
properly configured in the Directory Server. If a server certificate has already been generated for
the Directory Server instance and the issuing certificate authority (CA) is already trusted by the
Directory Server, begin setting up TLS/SSL as described in Section 4, “Starting the Server with
TLS/SSL Enabled”.
Obtaining and installing certificates consists of the following steps:
1. Generate a certificate request.
2. Send the certificate request to a certificate authority.
3. Install the server certificate.