Chapter 11. Managing SSL

11.1. Introduction to SSL in the Directory Server
11.1.1. Enabling SSL: Summary of Steps
11.1.2. Command-Line Functions for Start TLS
11.2. Obtaining and Installing Server Certificates
11.2.1. Step 1: Generate a Certificate Request
11.2.2. Step 2: Send the Certificate Request
11.2.3. Step 3: Install the Certificate
11.2.4. Step 4: Trust the Certificate Authority
11.2.5. Step 5: Confirm That The New Certificates Are Installed
11.3. Using certutil
11.3.1. Creating Directory Server Certificates through the Command Line
11.3.2. certutil Usage
11.4. Starting the Server with SSL Enabled
11.4.1. Enabling SSL Only in the Directory Server
11.4.2. Enabling SSL in the Directory Server, Administration Server, and Console
11.4.3. Creating a Password File for the Directory Server
11.4.4. Creating a Password File for the Administration Server
11.5. Setting Security Preferences
11.5.1. Available Ciphers
11.5.2. Selecting the Encryption Cipher
11.6. Using Certificate-Based Authentication
11.6.1. Setting up Certificate-Based Authentication
11.6.2. Allowing/Requiring Client Authentication
11.7. Configuring LDAP Clients to Use SSL

To provide secure communications over the network, Red Hat Directory Server includes the LDAPS communications protocol. LDAPS is the standard LDAP protocol, running over Transport Layer Security (TLS, formerly Secure Sockets Layer or SSL). Directory Server also allows spontaneous secure connections over otherwise-insecure LDAP ports, using the Start TLS LDAP extended operation.

This chapter describes how to use SSL with Directory Server.


Note: This documentation is provided (and copyrighted) by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.