HP-UX Trusted Computing Services A.02.00 Administrator's Guide

connect = myServer.hp.com:636
engineNum = 1
In addition, the verify option is set to 1 (verify peer certificate if present) based on the
assumption that the LDAP server does not send a certificate to the client. For example:
verify = 1
The complete Stunnel configuration file on myClient is as follows. Changes made for TPM and
certificates are shown in bold.
# /opt/iexpress/stunnel/etc/stunnel.conf
# stunnel configuration for a TPM-protected client
# Source of random data for session keys, etc.
RNDfile = /dev/urandom
# Chroot if you need to restrict stunnel's access to the local filesystem.
# chroot = /var/chroot/stunnel/
# The PID file is created inside the chroot location.
pid = /tmp/stunnel.pid
# Authentication - '1' means a signed certificate from the session peer MAY be
# present.
verify = 1
# Location where peer certificates and the CA certificate can be found.
CApath = /opt/openssl/certs
CAfile = /opt/openssl/certs/cacert.pem
# This client's certificate and private key.
cert = /opt/iexpress/stunnel/etc/myClient.cert
key = /opt/iexpress/stunnel/etc/myClientKeyblob
# Debug parameters
debug = 7
output = /opt/iexpress/stunnel/etc/stunnel.log
# Run in the foreground
foreground = no
# Load the built-in engine 'dynamic'
# and give it the path to the 0.9.7 TPM engine
engine=dynamic
engineCtrl=SO_PATH:/opt/tcs/lib/hpux32/engines/libtpm.so.0
# Identify the engine as 'tpm' and load and initialize it
engineCtrl=ID:tpm
engineCtrl=LOAD
engineCtrl=INIT
# Service-level configuration
[LDAPS-client]
# Use in client mode
client = yes
accept = localhost:7777
connect = myServer:636
engineNum = 1
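As an added check, not part of the guide or of the stunnel project, the following Python script parses a stunnel configuration of the shape shown above and reports settings a reviewer would question before putting the tunnel into production: a verify level below 2 (which does not require the LDAP server to present a certificate), debug = 7 (full session detail written to the log file), an engineCtrl sequence out of SO_PATH/ID/LOAD/INIT order, a service that names engineNum without a globally loaded engine, and an accept address that is not bound to the loopback interface. The embedded configuration is a constructed copy of the file above; the check codes, function names and the verify-level semantics (stunnel's documented levels 0-3) are this example's own assumptions.

```python
"""Review an stunnel client configuration for the TPM-backed LDAPS tunnel.

Added example; not the guide's or the stunnel project's code.
"""
import re

# Constructed sample: the guide's stunnel.conf reproduced inline so the script runs offline.
SAMPLE_CONF = """
# stunnel configuration for a TPM-protected client
RNDfile = /dev/urandom
pid = /tmp/stunnel.pid
verify = 1
CApath = /opt/openssl/certs
CAfile = /opt/openssl/certs/cacert.pem
cert = /opt/iexpress/stunnel/etc/myClient.cert
key = /opt/iexpress/stunnel/etc/myClientKeyblob
debug = 7
output = /opt/iexpress/stunnel/etc/stunnel.log
foreground = no
engine=dynamic
engineCtrl=SO_PATH:/opt/tcs/lib/hpux32/engines/libtpm.so.0
engineCtrl=ID:tpm
engineCtrl=LOAD
engineCtrl=INIT
[LDAPS-client]
client = yes
accept = localhost:7777
connect = myServer:636
engineNum = 1
"""

VERIFY_REQUIRED = 2                      # stunnel: 2 = require and verify peer certificate
ENGINE_CTRL_ORDER = ["SO_PATH", "ID", "LOAD", "INIT"]
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_stunnel_conf(text):
    """Parse stunnel's INI-like syntax into (global_opts, services).

    Every value is kept as a list because some keys (engineCtrl) repeat and their
    order matters; each [section] becomes an entry of `services`.
    """
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = services.setdefault(section.group(1), {})
            continue
        if "=" not in line:
            raise ValueError(f"cannot parse line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        current.setdefault(key, []).append(value)
    return global_opts, services


def review(global_opts, services):
    """Return a list of (code, message) findings; an empty list means nothing flagged."""
    findings = []

    verify = int(global_opts.get("verify", ["0"])[0])
    if verify < VERIFY_REQUIRED:
        findings.append(("VERIFY_LEVEL",
                         f"verify = {verify} only checks a peer certificate if one is presented; "
                         "a client should use 2 (require and verify) or 3 (verify against a "
                         "locally installed certificate)"))

    debug = int(global_opts.get("debug", ["5"])[0])   # stunnel's default level is 5 (notice)
    if debug >= 7:
        log = global_opts.get("output", ["syslog"])[0]
        findings.append(("DEBUG_LEVEL",
                         f"debug = {debug} writes full session detail to {log}; lower it outside troubleshooting"))

    # engineCtrl lines must load the shared object, name it, load and then init it, in that order
    ctrls = [v.split(":", 1)[0] for v in global_opts.get("engineCtrl", [])]
    ranks = [ENGINE_CTRL_ORDER.index(c) for c in ctrls if c in ENGINE_CTRL_ORDER]
    if ranks != sorted(ranks):
        findings.append(("ENGINE_ORDER", f"engineCtrl sequence {ctrls} is not SO_PATH, ID, LOAD, INIT"))

    for name, opts in services.items():
        if opts.get("client", ["no"])[0].lower() != "yes":
            continue
        if "engineNum" in opts and "engine" not in global_opts:
            findings.append(("ENGINE_MISSING", f"[{name}] sets engineNum but no engine is loaded globally"))
        accept = opts.get("accept", [""])[0]
        host = accept.rpartition(":")[0] if ":" in accept else ""
        if host not in LOCAL_HOSTS:
            findings.append(("ACCEPT_EXPOSED",
                             f"[{name}] accept = {accept!r} is not bound to loopback, so the "
                             "plaintext side of the tunnel is reachable from the network"))
    return findings


if __name__ == "__main__":
    for code, message in review(*parse_stunnel_conf(SAMPLE_CONF)):
        print(f"{code}: {message}")
```

Run against the configuration above it reports VERIFY_LEVEL and DEBUG_LEVEL; with verify = 2 and debug = 5 it reports nothing. The accept check is the one most easily missed: writing accept = 7777 without a host makes stunnel listen on every interface, and the unencrypted LDAP side of the tunnel then leaves the machine.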
HP-UX Apache-based Web Server Configuration
To configure the HP-UX Apache-based Web Server, complete the following steps:
1. Enable the mod_auth_ldap module in the Apache httpd.conf file and restart the Apache
server as specified in the Apache Web Server documentation.
2. Add the configuration directives to the Apache ldap.conf file to use secure LDAP. Specify
the local Stunnel endpoint (localhost:7777 in this example) as the target host and port
number in the AuthLDAPURL value. The format for the URL specified by AuthLDAPURL is
52 Using TCS RSA Keys with OpenSSL