Red Hat Directory Server 8.0 Administrator's Guide

Unless there is a security reason not to use a specific cipher, select all of the ciphers except for none,MD5.
6. In the Encryption tab, click Save.
CAUTION
Avoid selecting the none,MD5 cipher because the server will use this option if no other ciphers are available on the client, instead of refusing the connection. The none,MD5 cipher is not secure because encryption does not occur.
6. Using Certificate-Based Authentication
Directory Server allows certificate-based authentication for the command-line tools (which are LDAP clients) and for replication communications. Certificate-based authentication can occur between:
An LDAP client connecting to the Directory Server.
A Directory Server connecting to another Directory Server by replication or chaining.
A single configuration parameter, nsslapd-certdir, in cn=config in dse.ldif lists the directory containing the key, certificate, and security files. The directory name should be unique and specific to the server. For example, the /etc/dirsrv/slapd-instance_name directory contains the key and certificate databases only for the Directory Server instance called instance_name. That directory will not contain key and certificate databases for any other server or client, nor will any of the key, certificate, or other security-related files for instance_name be located in any other directory.
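Because nsslapd-certdir points at the only place where an instance's private key material lives, a practitioner will want to confirm that the directory is actually private to that instance. The following script is an added example, not from the Red Hat guide: it reads nsslapd-certdir out of a dse.ldif and checks that the named directory is owned by the expected server user and that neither the directory nor the files inside it are readable by group or other. The instance name "example", the sample dse.ldif fragment and the file names are constructed placeholders; the checks use GNU stat and POSIX find.

```shell
#!/bin/sh
# Added example, not part of the Red Hat Directory Server guide.
# Reads nsslapd-certdir from a dse.ldif and verifies that the directory it
# names is private to the server instance. The instance name "example" and
# all paths below are constructed placeholders.

# Write a constructed cn=config fragment for an instance called "example".
write_sample_dse() {
  cat > "$1" <<'EOF'
dn: cn=config
cn: config
nsslapd-security: on
nsslapd-certdir: /etc/dirsrv/slapd-example
EOF
}

# Print the value of nsslapd-certdir from the dse.ldif given as $1.
# LDIF attribute names are case-insensitive, so compare in lower case.
certdir_from_dse() {
  awk 'tolower($1) == "nsslapd-certdir:" { print $2; exit }' "$1"
}

# Check the certificate directory $1 against the expected owner $2.
# Exit status: 0 ok, 1 missing, 2 wrong owner, 3 directory open to
# group/other, 4 a file inside is group- or world-readable. Uses GNU stat.
check_certdir() {
  dir=$1
  owner=$2
  if [ ! -d "$dir" ]; then
    echo "missing certificate directory: $dir"; return 1
  fi
  actual=$(stat -c '%U' "$dir")
  if [ "$actual" != "$owner" ]; then
    echo "$dir owned by $actual, expected $owner"; return 2
  fi
  mode=$(stat -c '%a' "$dir")
  # The last two octal digits are the group and other permission bits.
  if [ "${mode#"${mode%??}"}" != "00" ]; then
    echo "$dir mode $mode allows group/other access"; return 3
  fi
  loose=$(find "$dir" -type f \( -perm -g+r -o -perm -o+r \))
  if [ -n "$loose" ]; then
    echo "group/world-readable files under $dir:"; echo "$loose"; return 4
  fi
  echo "$dir: ok"
  return 0
}

# Typical use on a live system (instance name and server user are placeholders):
#   dir=$(certdir_from_dse /etc/dirsrv/slapd-instance_name/dse.ldif)
#   check_certdir "$dir" server_user
```

Run against the real dse.ldif, a non-zero exit pinpoints which property failed, so the check can sit in a post-install or periodic audit job without further parsing of its output.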
NOTE
The Directory Server 8.0 no longer uses separate files for the key and certificate databases. With the Filesystem Hierarchy Standard, the certificate and key files have been consolidated into a single file, specified in the nsslapd-certdir parameter, and the key and certificate file is stored in the /etc/dirsrv/slapd-instance_name directory.
Previous versions of Directory Server used a single directory, /opt/redhat-ds/slapd-instance/alias, for all security-related files for all servers, and required a unique prefix, such as slapd-instance-, for the key, certificate, and security-related files. The Directory Server used the attributes