Red Hat Directory Server 8.0 Administrator's Guide
nsCertFile and nsKeyFile to give the locations for the key and certificate
databases.
6.1. Setting up Certificate-Based Authentication
To set up certificate-based authentication, do the following:
1. Create a certificate database for the client and the server or for both servers involved in
replication.
In the Directory Server, the certificate database is created automatically when a
certificate is installed. For information on creating a certificate database for a client, see
Section 7, “Configuring LDAP Clients to Use SSL”.
2. Obtain and install a certificate on both the client and the server or on both servers involved in
replication.
3. Enable TLS/SSL on the server or on both servers involved in replication.
For information on enabling TLS/SSL, refer to Section 4, “Starting the Server with TLS/SSL
Enabled”.
NOTE
If the Red Hat Console connects to Directory Server over TLS/SSL, selecting
Require client authentication disables communication. This is because,
although Red Hat Console supports TLS/SSL, it does not have a certificate to
use for client authentication.
4. Map the certificate's distinguished name to a distinguished name known by the directory.
This allows access control to be set for the client when it binds using this certificate.
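The mapping in step 4 can be pictured with the following added example, which is not code or configuration from this guide or from Directory Server. It is a simplified model in which the subject's dc components form the search base and its cn and e-mail components form the filter; those choices, the sample entries, and the names parse_dn and map_certificate are assumptions made for illustration.

```python
import re

# Constructed sample directory: entry DN -> attributes (not from the guide).
DIRECTORY = {
    "uid=jsmith,ou=People,dc=example,dc=com": {"cn": "John Smith", "mail": "jsmith@example.com"},
    "uid=jsmith2,ou=People,dc=example,dc=com": {"cn": "John Smith", "mail": "john.smith@example.com"},
    "uid=repl,ou=Services,dc=example,dc=com": {"cn": "Replication Manager", "mail": "repl@example.com"},
}
# Certificate subjects usually carry the e-mail address as E or emailAddress.
ALIASES = {"e": "mail", "emailaddress": "mail"}

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash-escaped commas."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):  # simplified: only "\," is treated as an escape
        attr, _, value = rdn.strip().partition("=")
        attr = attr.strip().lower()
        pairs.append((ALIASES.get(attr, attr), value.strip().replace("\\,", ",")))
    return pairs

def map_certificate(subject_dn, base_attrs=("dc",), filter_attrs=("cn", "mail")):
    """Return the single directory DN a certificate subject maps to, or None.

    base_attrs select the subject components that form the search base (assumed);
    filter_attrs select the components an entry's attributes must match (assumed).
    """
    pairs = parse_dn(subject_dn)
    base = ",".join(f"{a}={v}" for a, v in pairs if a in base_attrs).lower()
    wanted = {a: v.lower() for a, v in pairs if a in filter_attrs}
    if not base or not wanted:
        return None  # nothing to search on: refuse rather than match everything
    matches = []
    for dn, attrs in DIRECTORY.items():
        d = dn.lower()
        under_base = d == base or d.endswith("," + base)  # compare whole RDNs only
        if under_base and all(attrs.get(a, "").lower() == v for a, v in wanted.items()):
            matches.append(dn)
    # Zero or several candidates means no trustworthy identity: fail closed.
    return matches[0] if len(matches) == 1 else None

if __name__ == "__main__":
    for subject in ("CN=John Smith,OU=People,DC=example,DC=com",
                    "E=jsmith@example.com,CN=John Smith,DC=example,DC=com"):
        print(subject, "->", map_certificate(subject))
```

A subject that matches two entries is rejected rather than bound to the first hit, because access control is then evaluated against whichever directory DN the mapping returns.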
6.2. Allowing/Requiring Client Authentication
If Red Hat Console is configured to connect to the Directory Server using TLS/SSL and the
Directory Server requires client authentication, the Red Hat Console cannot be used to manage
server applications. You must use the appropriate command-line utilities instead.
However, to use the Red Hat Console, change the directory configuration so that client
authentication is allowed but no longer required. To do so, do the following:
Chapter 11. Managing SSL