zoukankan      html  css  js  c++  java
  • Enable ITDS to use SSL/TLS

    Enable ITDS to use SSL/TLS

    By default, ITDS V6.2 does not comes configured to use SSL or TLS connections. To enable SSL and TLS, make sure that a Server Certificate (self-signed or issued by a Certificate Authority) is configured in a CMS database and make sure that the Directory Server is running (idsspald -I dsrdbm01 is running).

    About this task

    Follow these steps:

    Procedure

    1. Create an LDAP Data Interchange Format (LDIF) file named enable_SSLTLS.ldif, containing the following (modify as appropriate):
      dn: cn=SSL,cn=Configuration changetype: modify replace: ibm-slapdSslAuth ibm-slapdSslAuth: serverAuth - replace: ibm-slapdSecurity ibm-slapdSecurity: SSLTLS  dn: cn=SSL,cn=Configuration changetype: modify replace: ibm-slapdSSLKeyDatabase ibm-slapdSSLKeyDatabase: /home/dsrdbm01/idsslapd-dsrdbm01/etc/serverkey.kdb - replace:ibm-slapdSslCertificate ibm-slapdSslCertificate: IDS Instance - replace: ibm-slapdSSLKeyDatabasePW ibm-slapdSSLKeyDatabasePW: cmspass
      Note: Watch for trailing spaces in the LDIF file (which may cause syntax errors). The example above has no trailing spaces after each line.
    2. Use the ITDS client LDAP command ldapmodify to merge the configuration:
      [root@itds ~]# /opt/ibm/ldap/V6.2/bin/ldapmodify -v -D cn=root -w ldaprootpass \                -i enable_SSLTLS.ldif ldap_init(localhost, 389) replace ibm-slapdSslAuth: 	BINARY (10 bytes) serverAuth replace ibm-slapdSecurity: 	BINARY (6 bytes) SSLTLS Operation 0 modifying entry cn=SSL,cn=Configuration  replace ibm-slapdSSLKeyDatabase: 	BINARY (48 bytes) /home/dsrdbm01/idsslapd-dsrdbm01/etc/serverkey.kdb replace ibm-slapdSslCertificate: 	BINARY (12 bytes) IDS Instance replace ibm-slapdSSLKeyDatabasePW: 	BINARY (6 bytes) cmspass Operation 1 modifying entry cn=SSL,cn=Configuration  [root@itds ~]#

      Note that the ldapmodify command, when a hostname is not specified, will try to modify the instance running in the local host at the default port.

    3. Restart the Directory Server's instance and Administration daemon:
      [root@itds ~]# /opt/ibm/ldap/V6.2/sbin/idsslapd -k -I dsrdbm01 GLPSRV176I Terminated directory server instance 'dsrdbm01' normally. [root@itds ~]# /opt/ibm/ldap/V6.2/sbin/ibmdiradm -k -I dsrdbm01 GLPADM034I Stopped Admin Daemon instance: 'dsrdbm01'. [root@itds ~]# /opt/ibm/ldap/V6.2/sbin/ibmdiradm -I dsrdbm01 GLPADM056I Admin Daemon starting. ... GLPCOM003I Non-SSL port initialized to 3538. GLPCOM004I SSL port initialized to 3539. [root@itds ~]# /opt/ibm/ldap/V6.2/sbin/idsslapd -I dsrdbm01 GLPSRV041I Server starting. ... GLPCOM003I Non-SSL port initialized to 389. GLPCOM004I SSL port initialized to 636. [root@itds ~]#

      Watch for errors or warnings on the output of each command.

    4. Check for SSL connectivity locally using ITDS ldapsearch command:
      [root@itds ~]# /opt/ibm/ldap/V6.2/bin/ldapsearch -D cn=root -w ldaprootpass \                 -s sub -Z -K /home/dsrdbm01/idsslapd-dsrdbm01/etc/serverkey.kdb \                 -P cmspass objectclass=* cn=localhost cn=localhost objectclass=container objectclass=top ... [root@itds ~]#
    5. Check for errors or warnings on the output. The command above tests the SSL connectivity only. For testing the TLS connectivity, replace the -Zparameter with -Y.
    单击以展开元素选择
  • 相关阅读:
    自我介绍
    自动生成小学生四则运算(C语言)
    黄金点游戏
    7/5linux命令(整理中)
    第二章内容及作业
    第三章笔记
    第一章作业
    第一阶段笔记整理7.23
    第三章课后作业
    7/6linux命令
  • 原文地址:https://www.cnblogs.com/jjkv3/p/2602868.html
Copyright © 2011-2022 走看看