Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

SSL with Netscape Directory Server

 
Simon Hargrave
Honored Contributor

SSL with Netscape Directory Server

I'm looking at implementing Netscape Directory Server for authenticating my HPUX servers against an LDAP database. I don't want cleartext passwords over the network so will need to implement SSL encryption.

Reading all the documentation it implies I need to either enlist the services of a 3rd-party Certificate Authority (verisign etc) or setup a Certificate Authority server in-house.

Whilst I appreciate the requirements for this sort of thing, setting up our own CA for one certificate seems overkill. I'm not really bothered about securing against fake-certificates and that sort of thing, I simply want encrypted traffic.

I note in the docs that if I want to have a replica database (which I do) then I can't use self-signed certificates because it will not work. Is this also the case for the client<->ldap_server comms? Are there any other ways?

Basically I need to know the easiest way of encrypting LDAP traffic on our LAN without requiring a CA. Or if not possible the easiest way to setup the minimum required to get this scenario working.
3 REPLIES 3
support_5
Super Advisor

Re: SSL with Netscape Directory Server

Hi Simon,

How did you go with this? No replies I see. I am considering using the same approach as you for our site, perhaps we could share our experiences with each other. It would be a shame if it was so hard to simply encrypt traffic over the network. Surely you could setup a certificate and it would just work? Perhaps not.

Keep me posted as to how you go with this.

Thanks.

- Andrew
support_5
Super Advisor

Re: SSL with Netscape Directory Server

Also, which version of Netscape Directory Server are you using?

Thanks.

- Andrew
support_5
Super Advisor

Re: SSL with Netscape Directory Server

To answer your question, we can generate your own certificate using some command line tools provided as part of RedHat directory server (or netscape directory server).

See page 433 of this RedHat Directory Server Administration guide document, titled "using certutil":
http://docs.hp.com/en/7118/ds71admin.pdf

certutil is the command line tool you want to use to do what you have said above.

- Andy