Installation guide
Using Secure Sockets Layer (SSL) With an Agent
Chapter 2 Policy Agents on Solaris and HP-UX 47
1. Create a new key database using the key management utility (IKEYMAN). For
information on creating a new key database, see the documentation at:
http://www-3.ibm.com/software/webservers/httpservers/doc/v1319/9atikeyu.htm#HDRKMU2G
2. Create a self-signed certificate using IKEYMAN. For information on creating a
self-signed certificate, see the documentation at:
http://www-3.ibm.com/software/webservers/httpservers/doc/v1319/9atikeyu.htm#HDRKMU4G
3. Start the Administration Server:
# /opt/IBMHTTPD/bin/adminctl start
4. Set up SSL using the IBM Administration Server. For information on setting up
SSL, see the documentation at:
http://www-3.ibm.com/software/webservers/httpservers/doc/v1319/9atstart.htm#ssl
Web or Web Proxy Server Running in SSL Mode
If your web or web proxy server is running in the SSL mode, and your agent is in
the notification mode, you must install the root CA certificate of your web or web
proxy server onto Identity Server if it is not already installed.
The Agent’s Default Trust Behavior
By default, the policy agent installed on a remote web server or proxy server will
trust any server certificate presented over SSL by the web server that runs Sun
ONE Identity Server; the agent does not check the root Certificate Authority (CA)
certificate. If the web server that runs Identity Server is SSL-enabled, and you want
the policy agent to perform certificate-checking, you must do the following:
1. Disable the agent’s default trust behavior.
2. Install a root CA certificate on the remote web server (where the agent is
installed). The root CA certificate must be the same as the one installed on the
web server that runs Sun ONE Identity Server service.
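
A pre-flight check for the two steps above, as an added example that is not part of the original guide: before disabling the agent's trust-all behavior, confirm that the root CA file you plan to install actually validates the Identity Server's certificate. It assumes the OpenSSL command-line tool is available; the file names, CNs and the throwaway demo PKI are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide). File names and CNs below are constructed.

# check_chain ROOT_CA.pem SERVER_CERT.pem
# Returns 0 only if the server certificate chains to the given root CA.
check_chain() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Build constructed sample data in directory $1: two throwaway root CAs and
# one server certificate signed by rootA only.
make_demo_pki() {
    for ca in rootA rootB; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo $ca" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=is.example.com" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -days 1 \
        -CA "$1/rootA.pem" -CAkey "$1/rootA.key" -CAcreateserial \
        -out "$1/server.pem" 2>/dev/null
}

# Report whether installing ROOT_CA on the agent host would let the agent
# accept SERVER_CERT once trust-all is disabled.
report() {
    if check_chain "$1" "$2"; then
        echo "OK: $2 chains to $1"
    else
        echo "MISMATCH: $2 does not chain to $1; the agent would reject it"
    fi
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
report "$demo_dir/rootA.pem" "$demo_dir/server.pem"   # same root as the server
report "$demo_dir/rootB.pem" "$demo_dir/server.pem"   # different root
```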