Red Hat Directory Server 8.0 Administrator's Guide

1. Stop the Directory Server.
service dirsrv stop instance
2. Modify the cn=encryption,cn=config entry by changing the value of the nsSSLClientAuth
attribute from required to allowed.
For information on modifying entries from the command-line, see Section 2.4, “Adding and
Modifying Entries Using ldapmodify”.
3. Start the Directory Server.
service dirsrv start instance
Now start Red Hat Console.
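The following is an added example, not part of the guide: one way to carry out step 2 while the server is stopped, by rewriting nsSSLClientAuth only inside the cn=encryption,cn=config entry and keeping a backup. The file path argument, the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the guide. Use only while the Directory Server is stopped.
# Assumption: $1 is the path to the instance's configuration file in LDIF form.

# awk rules that set in_entry=1 only inside the cn=encryption,cn=config entry.
SCOPE='/^[ ]*$/ { in_entry = 0 }
tolower($0) ~ /^dn:[ ]*cn=encryption,[ ]*cn=config[ ]*$/ { in_entry = 1 }'

# Print the nsSSLClientAuth value found in that entry, or "unset".
client_auth_mode() {
    awk "$SCOPE"'
    in_entry && tolower($0) ~ /^nssslclientauth:/ {
        v = $0; sub(/^[^:]*:[ ]*/, "", v); sub(/[ ]*$/, "", v); mode = tolower(v)
    }
    END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Change required -> allowed in that entry only, keeping a backup as FILE.bak.
relax_client_auth() {
    [ "$(client_auth_mode "$1")" = required ] || return 1   # nothing to change
    cp -p "$1" "$1.bak" || return 2
    awk "$SCOPE"'
    in_entry && tolower($0) ~ /^nssslclientauth:[ ]*required[ ]*$/ {
        print "nsSSLClientAuth: allowed"; next
    }
    { print }' "$1.bak" > "$1"
}

# Constructed sample input: the second entry is a decoy that must stay untouched.
make_sample() {
    cat > "$1" <<'EOF'
dn: cn=encryption,cn=config
cn: encryption
nsSSLClientAuth: required

dn: cn=decoy,cn=config
nsSSLClientAuth: required
EOF
}

if [ "${1:-}" = demo ]; then
    f=$(mktemp) && make_sample "$f"
    echo "before: $(client_auth_mode "$f")"
    relax_client_auth "$f"
    echo "after:  $(client_auth_mode "$f")"
    rm -f "$f" "$f.bak"
fi
```

Running the script with the single argument demo exercises it on the constructed sample only.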
7. Configuring LDAP Clients to Use SSL
For all the users of the Directory Server to use TLS/SSL or certificate-based authentication
when they connect using LDAP client applications, they must perform the following tasks:
Create a certificate database.
Trust the certificate authority (CA) that issues the server certificate.
These operations are sufficient to ensure that LDAP clients recognize the server's certificate.
However, to require the LDAP clients to use their own certificate to authenticate to the directory,
make sure that all the directory users obtain and install a personal certificate.
NOTE
Some client applications do not verify that the server has a trusted certificate.
1. On the client system, obtain a client certificate from the CA.
2. Install the client certificate on the client system.
Regardless of how the certificate is sent (either in email or on a web page), there should be a
link to click to install the certificate.
Record the certificate information that is sent from the CA, especially the subject DN of the
certificate because the server must be configured to map it to an entry in the directory. The