User guide

ManualsBrandsRed Hat ManualsComputer equipmentNETSCAPE ENTERPRISE SERVER 6.0 - NSAPI PROGRAMMER GUIDE

121

122

123

124

125

126

127

128

129

130

Repository Server Setup

2-53

1. Setting SSL Communication

1. Preparations for SSL communication (acquiring the SSL site certificate and registering it in the

Interstage certificate environment)

When the site certificates for the repository server (update system) and repository server

(reference system) are issued by different certificate authorities, the certificate for the repository

server (reference system) must also be registered in the repository server (update system). For

details, refer to Preparations for SSL Communication.

2. Setup for SSL communication (creation of SSL configuration)

On the Interstage Management Console, select [Security] and then [SSL] from the [System] menu.

From the [Create a new SSL Configuration] tab, perform setup for SSL communication as follows:

− Configuration Name

Set the name identifying the SSL configuration.

− Site Certificate Nickname

Set the nickname that was specified when the SSL certificate was registered in the Interstage

certificate environment as described in Preparations for SSL Communication. The registered

SSL site certificate can be accessed in the Interstage Management Console by selecting

[Security] and then [Certificates] on the [System] menu. Click [Site Certificate] to access the

SSL site certificate.

− Protocol Version

Select 'SSL 3.0' only.

− Client certificate

Select 'Yes (Authenticate when client certificate is presented).'

− Encryption Method

Change the encryption method when necessary.

− Nickname of Certificate of Certificate Authority

Change the nickname when necessary.

For details of the above items, refer to the Operator’s Guide.

2. Confirming the Validity of a Certificate

In addition to the above setup, the validity of the certificate must be confirmed. This process includes

acquiring and registering the CRL in the Interstage certificate environment. When the site certificates for

the repository server (update system) and repository server (reference system) are issued by different

authorities, acquire the CRL from the certificate authority that issued the certificate of the repository

server (reference system). Then register this CRL on the repository server (update system).

For details, refer to Preparations for Confirming Validity of Certificate Authentication.

Remark

Replication using SSL communication can protect confidential information since risks such as electrical

interception, alteration, and spoofing are avoided by SSL client-server authentication, and

communication between respective SSO repositories is encrypted. SSL communication is, therefore,

highly recommended for security.