Service manual
Configuring SSL
Appendix B Using the Sun Crypto Accelerator Board
1. Create a file, ssl.ldif, of modifications to change SSL related Directory
Server configuration entries.
Here port, the value of nsslapd-secureport, is the port on which Directory
Server listens for SSL connections once started in secure mode.
2. Apply the modifications to change Directory Server configuration.
Code Example B-1 Modifications to Activate SSL Using the Board (ssl.ldif)
# ServerCertNickname: this nickname is contained in the certificate for Directory Server.
dn: cn=RSA,cn=encryption,cn=config
changetype: add
objectclass: top
objectclass: nsEncryptionModule
cn: RSA
nsSSLToken: nobody@dsrealm
nsSSLPersonalitySSL: ServerCertNickname
nsSSLActivation: on

dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: allowed
-
replace: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,
 +rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,
 +rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,
 +fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,
 +tls_rsa_export1024_with_rc4_56_sha,
 +tls_rsa_export1024_with_des_cbc_sha
-
replace: nsCertfile
nsCertfile: alias/slapd-serverID-cert7.db
-
replace: nsKeyFile
nsKeyFile: alias/slapd-serverID-key3.db

dn: cn=config
changetype: modify
replace: nsslapd-secureport
nsslapd-secureport: port
-
replace: nsslapd-security
nsslapd-security: on
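
The nsSSL3Ciphers value in Code Example B-1 enables several suites whose names indicate no encryption, export-grade keys, RC4 or single DES. The Python check below is an added example, not part of the original manual: it unfolds LDIF continuation lines, reads the cipher preference list, and reports enabled suites that match name-based rules. The rule set, function names and embedded sample are assumptions of this example.

```python
import re

# Constructed sample: the nsSSL3Ciphers modification from Code Example B-1, folded as LDIF.
SAMPLE_LDIF = """\
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,
 +rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,
 +rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,
 +fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,
 +tls_rsa_export1024_with_rc4_56_sha,
 +tls_rsa_export1024_with_des_cbc_sha
"""

# Name-based weakness rules (this example's own classification, an assumption).
RULES = [
    (re.compile(r"null"), "no encryption"),
    (re.compile(r"export|_40_"), "export-grade key length"),
    (re.compile(r"rc4"), "RC4 stream cipher"),
    (re.compile(r"(?<!3)des"), "single DES"),
    (re.compile(r"md5"), "MD5 MAC"),
]

def unfold(ldif_text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    return re.sub(r"\r?\n ", "", ldif_text)

def cipher_prefs(ldif_text, attr="nsSSL3Ciphers"):
    """Return {cipher_name: enabled} from the attribute's +name/-name list."""
    prefs = {}
    for line in unfold(ldif_text).splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == attr.lower():
            for item in value.split(","):
                item = item.strip()
                if item[:1] in "+-" and len(item) > 1:
                    prefs[item[1:].lower()] = item[0] == "+"
    return prefs

def weak_enabled(ldif_text):
    """Return {cipher: [reasons]} for enabled ciphers that match a rule."""
    findings = {}
    for cipher, enabled in cipher_prefs(ldif_text).items():
        reasons = [why for rx, why in RULES if rx.search(cipher)]
        if enabled and reasons:
            findings[cipher] = reasons
    return findings
```

Pass the text of ssl.ldif to weak_enabled() before applying the file; an empty result means no enabled suite matched a rule.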