cn=Directory Manager: All about Directory Server | Wednesday July 26, 2006

Setting Up and Using SSL

On a personal note, things have been really busy lately. In fact, they've been so busy that I let a couple of comments on my last post go unanswered for far too long. There were some meaty issues in those questions, so to make up for it I'll try to provide more detailed information in separate posts spread over the rest of the week. The one I've got slated for Friday looks to be a real doozy, so you'll definitely want to tune in for it.

The first of these questions that I'm going to address is about how to configure SSL in the Directory Server, and in particular how to use and test SSL client authentication, in which the client authenticates to the server with a certificate (via SASL EXTERNAL) rather than with the DN and password used for traditional simple authentication.

I would be remiss if I didn't first point out that our publicly-available documentation does address these issues. The Directory Server Administration Guide has sections that cover enabling SSL both in the server and in the clients. However, while the documentation provides some coverage in this area, there may be a few pieces of the puzzle that aren't included, and others that could be clarified.

I've done quite a bit of SSL-related work in the server, and this isn't the first time that I've heard these questions. In fact, I've written a few documents on the subject to help various customers with different issues. I've taken the one that most closely matches the original request (and probably the one that provides the most complete picture of setting up and testing SSL with server and client authentication), spruced it up a bit, and made it available here. Note that this document covers the full course of configuring SSL in the server: obtaining the certificates (either self-signed or requested from an external certificate authority), enabling SSL, and testing it with ldapsearch.

It also heavily favors the command line over the graphical administration console, and some people prefer that to having to launch the administration console just for a couple of clicks (I know I do). Some of the steps may change in the upcoming Directory Server 6.0 release, but the command-line tools coming in that release will be a welcome sight to a great many administrators, and they will provide ways of accomplishing most of the things covered in my document.

Posted by cn_equals_directory_manager (Jul 26 2006, 08:39:53 AM CDT)