zoukankan      html  css  js  c++  java
  • Enable ITDS to use SSL/TLS

    Enable ITDS to use SSL/TLS

    By default, ITDS V6.2 does not comes configured to use SSL or TLS connections. To enable SSL and TLS, make sure that a Server Certificate (self-signed or issued by a Certificate Authority) is configured in a CMS database and make sure that the Directory Server is running (idsspald -I dsrdbm01 is running).

    About this task

    Follow these steps:

    Procedure

    1. Create an LDAP Data Interchange Format (LDIF) file named enable_SSLTLS.ldif, containing the following (modify as appropriate):
      dn: cn=SSL,cn=Configuration changetype: modify replace: ibm-slapdSslAuth ibm-slapdSslAuth: serverAuth - replace: ibm-slapdSecurity ibm-slapdSecurity: SSLTLS  dn: cn=SSL,cn=Configuration changetype: modify replace: ibm-slapdSSLKeyDatabase ibm-slapdSSLKeyDatabase: /home/dsrdbm01/idsslapd-dsrdbm01/etc/serverkey.kdb - replace:ibm-slapdSslCertificate ibm-slapdSslCertificate: IDS Instance - replace: ibm-slapdSSLKeyDatabasePW ibm-slapdSSLKeyDatabasePW: cmspass
      Note: Watch for trailing spaces in the LDIF file (which may cause syntax errors). The example above has no trailing spaces after each line.
    2. Use the ITDS client LDAP command ldapmodify to merge the configuration:
      [root@itds ~]# /opt/ibm/ldap/V6.2/bin/ldapmodify -v -D cn=root -w ldaprootpass \                -i enable_SSLTLS.ldif ldap_init(localhost, 389) replace ibm-slapdSslAuth: 	BINARY (10 bytes) serverAuth replace ibm-slapdSecurity: 	BINARY (6 bytes) SSLTLS Operation 0 modifying entry cn=SSL,cn=Configuration  replace ibm-slapdSSLKeyDatabase: 	BINARY (48 bytes) /home/dsrdbm01/idsslapd-dsrdbm01/etc/serverkey.kdb replace ibm-slapdSslCertificate: 	BINARY (12 bytes) IDS Instance replace ibm-slapdSSLKeyDatabasePW: 	BINARY (6 bytes) cmspass Operation 1 modifying entry cn=SSL,cn=Configuration  [root@itds ~]#

      Note that the ldapmodify command, when a hostname is not specified, will try to modify the instance running in the local host at the default port.

    3. Restart the Directory Server's instance and Administration daemon:
      [root@itds ~]# /opt/ibm/ldap/V6.2/sbin/idsslapd -k -I dsrdbm01 GLPSRV176I Terminated directory server instance 'dsrdbm01' normally. [root@itds ~]# /opt/ibm/ldap/V6.2/sbin/ibmdiradm -k -I dsrdbm01 GLPADM034I Stopped Admin Daemon instance: 'dsrdbm01'. [root@itds ~]# /opt/ibm/ldap/V6.2/sbin/ibmdiradm -I dsrdbm01 GLPADM056I Admin Daemon starting. ... GLPCOM003I Non-SSL port initialized to 3538. GLPCOM004I SSL port initialized to 3539. [root@itds ~]# /opt/ibm/ldap/V6.2/sbin/idsslapd -I dsrdbm01 GLPSRV041I Server starting. ... GLPCOM003I Non-SSL port initialized to 389. GLPCOM004I SSL port initialized to 636. [root@itds ~]#

      Watch for errors or warnings on the output of each command.

    4. Check for SSL connectivity locally using ITDS ldapsearch command:
      [root@itds ~]# /opt/ibm/ldap/V6.2/bin/ldapsearch -D cn=root -w ldaprootpass \                 -s sub -Z -K /home/dsrdbm01/idsslapd-dsrdbm01/etc/serverkey.kdb \                 -P cmspass objectclass=* cn=localhost cn=localhost objectclass=container objectclass=top ... [root@itds ~]#
    5. Check for errors or warnings on the output. The command above tests the SSL connectivity only. For testing the TLS connectivity, replace the -Zparameter with -Y.
    单击以展开元素选择
  • 相关阅读:
    提高C#编程水平的50个要点
    纯CSS Tooltips..
    分支结构程序设计
    个性测试题
    CSS与DIV
    数据库设计中的14个技巧
    XML文档处理(树的应用)
    使用设计模式构建通用数据库访问类
    什么样简历最受名企欢迎?
    如何做需求分析
  • 原文地址:https://www.cnblogs.com/jjkv3/p/2602868.html
Copyright © 2011-2022 走看看