Manualshelf

Red Hat Directory Server 8.0 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Red Hat Directory Server Software
421422423424425426427428429430
12.In the Administration Server Console, select the Configuration tab. Select the Encryption
tab, check the Enable SSL checkbox, and fill in the appropriate certificate information.
13.In the Configuration DS tab, change the port number to the new Directory Server secure
port information. See Section 5, “Changing Directory Server Port Numbers” for more
information. Do this even if the default port of 636 is used. Check the Secure Connection
checkbox.
14.In the User DS tab, select the Set User Directory radio button, and fill in the Directory
Server secure port information, the LDAP URL, and the user database information. Check
the Secure Connection checkbox.
15.Save the new TLS/SSL settings and Configuration DS and User DS information in the
Administration Server Console.
16.Restart the Directory Server. The server must be restarted from the command line.
2
service dirsrv restart instance
When the server restarts, it prompts for the PIN or password to unlock the key database. This
is the same password used when the server certificate and key were imported into the
database.
To restart the Directory Server without the password prompt, create a PIN file or use a
hardware crypto device. See Section 4.3, “Creating a Password File for the Directory Server”
for information on how to create a PIN file.
NOTE
When next logging into the Directory Server Console, be certain that the address
reads https; otherwise, the operation will time out, unable to find the server
since it is running on a secure connection. After successfully connecting, a dialog
box appears to accept the certificate. Click OK to accept the certificate (either
only for that current session or permanently).
4.3. Creating a Password File for the Directory Server
It is possible to store the certificate password in a password file. By placing the certificate
database password in a file, the server can be started from the Directory Server Console and
also restarted automatically when running unattended.
Chapter 11. Managing SSL
410