![Netscape NETSCAPE DIRECTORY SERVER 6.1 - ADMINISTRATOR Скачать руководство пользователя страница 389](http://html1.mh-extra.com/html/netscape/netscape-directory-server-6-1-administrator/netscape-directory-server-6-1-administrator_administrators-manual_1674675389.webp)
Setting Security Preferences
Chapter
11
Managing SSL
389
10.
If you want Netscape Console to use SSL during communications with
Directory Server, select Use SSL in Netscape Console.
11.
If you configured Directory Server for certificate based client authentication,
you can further configure the server to verify the authenticity of requests by
selecting the “Check hostname against name in certificate for outbound SSL
connections” option. The server does this verification by matching the
hostname against the value assigned to the Common Name (CN) attribute of
the subject name in the certificate being presented for authentication.
By default, this feature is disabled. If it’s enabled and if the hostname does not
match the CN attribute of the certificate, appropriate error and audit messages
are logged. For example, in a replicated environment, messages similar to these
are logged in the supplier server’s log files if it finds that the peer server’s
hostname doesn’t match the name specified in its certificate:
[DATE] - SSL alert: ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81
(Netscape runtime error -12276 - Unable to communicate securely
with peer: requested domain name does not match the server's
certificate.)
[DATE] NSMMReplicationPlugin - agmt="cn=to ultra60 client auth"
(ultra60:1924): Replication bind with SSL client authentication
failed: LDAP error 81 (Can’t contact LDAP server)
It is recommended that you enable this option to protect Directory Server’s
outbound SSL connections against a Man In The Middle (MITN) attack.
12.
Click Save.
13.
Restart the Directory Server.
See “Starting the Server with SSL Enabled,” on page 40 for more information.
Setting Security Preferences
You can choose the type of ciphers you want to use for SSL communications. A
cipher is the algorithm used in encryption. Some ciphers are more secure or stronger
than others. Generally speaking, the more bits a cipher uses during encryption, the
more difficult it is to decrypt the key. For a more complete discussion of algorithms
and their strength, see Managing Servers with Netscape Console.
Содержание NETSCAPE DIRECTORY SERVER 6.1 - ADMINISTRATOR
Страница 1: ...Administrator s Guide Netscape Directory Server Version6 1 August 2002...
Страница 20: ...20 Netscape Directory Server Administrator s Guide August 2002...
Страница 24: ...24 Netscape Directory Server Administrator s Guide August 2002...
Страница 44: ...Starting the Server in Referral Mode 44 Netscape Directory Server Administrator s Guide August 2002...
Страница 78: ...Maintaining Referential Integrity 78 Netscape Directory Server Administrator s Guide August 2002...
Страница 142: ...Using Referrals 142 Netscape Directory Server Administrator s Guide August 2002...
Страница 162: ...Enabling and Disabling Read Only Mode 162 Netscape Directory Server Administrator s Guide August 2002...
Страница 278: ...Setting Resource Limits Based on the Bind DN 278 Netscape Directory Server Administrator s Guide August 2002...
Страница 336: ...Troubleshooting Replication Related Problems 336 Netscape Directory Server Administrator s Guide August 2002...
Страница 396: ...Configuring LDAP Clients to Use SSL 396 Netscape Directory Server Administrator s Guide August 2002...
Страница 418: ...Monitoring Database Link Activity 418 Netscape Directory Server Administrator s Guide August 2002...
Страница 440: ...Miscellaneous Tuning Tips 440 Netscape Directory Server Administrator s Guide August 2002...
Страница 442: ...442 Netscape Directory Server Administrator s Guide August 2002...
Страница 478: ...PTA Plug In Syntax Examples 478 Netscape Directory Server Administrator s Guide August 2002...
Страница 498: ...498 Netscape Directory Server Administrator s Guide August 2002...
Страница 512: ...Storing Information in Multiple Languages 512 Netscape Directory Server Administrator s Guide August 2002...
Страница 532: ...Searching an Internationalized Directory 532 Netscape Directory Server Administrator s Guide August 2002...
Страница 538: ...Examples of LDAP URLs 538 Netscape Directory Server Administrator s Guide August 2002...