Configure the SSL Simple (SSL+External) connection for SunOne Directory Server
Source: Internet  Editor: 程序博客网  Time: 2024/05/19 23:12
1. Open XCA and create the CA
1.1 Create a new database and name it certs.
1.2 Enter the password to protect this server; set the password to 12345678.
1.3 Move to the Certificates tab and click the New Certificate button on the left.
1.4 A window named Create x509 Certificate will appear.
1.5 Click the Source tab in this window.
1.5.1 Template for the new certificate: [Default] CA
1.5.2 Signing --> Create a self signed certificate with the serial: 1
1.6 Click the Subject tab.
1.6.1 OrganizationName: Example
1.6.2 OrganizationUnitName: Engineer. Please note that on the directory server, the entry ou=Engineer,o=techlogy,dc=example,dc=com existed before typing the above 2 values.
1.6.3 Click the Generate a new key button at the bottom right and enter the name of the new key as certkey.
1.6.4 Internal name: Cacert
1.7 Click the Extensions tab and select Type as "Certification Authority".
2. Generate the SSL certificate request on the SunOne Directory Server side
2.1 Open the SunOne Directory Server management console.
2.2 Click the Tasks tab and then click the Manage Certificates button.
2.3 Click Request... --> check "Request certificate Manually" --> Next
2.4 The Certificate Request Wizard will appear.
2.4.1 Server name: the hostname, such as VM-AD-SUN-HENRY.example.com
2.4.2 Leave the other items empty, such as Organization, Organization Unit, City/Local, State/Province, Country/Region.
2.5 A warning window will appear: "Empty Fields - One or More fields are empty... Do you want to continue?" Click Yes.
2.6 Enter the password to access the token; set the password value to "example1234".
2.7 Click the "Save to file" button to save the certificate request. Set the file name to server.req.
2.8 Remove the empty line in the server.req file.
3. Import server.req into XCA and sign it
3.1 Open XCA and move to the Certificate signing requests tab.
3.2 Click the "Import" button on the right.
3.3 Select the server certificate request, right-click it, and then click "Sign".
3.4 Use this Certificate for signing: select Cacert
3.5 Signature algorithm: SHA1
3.6 Template for the new certificate: [Default] HTTPS_server
4. Generate the client certificate for SSL+External (this step can be skipped if we configure SSL+Simple)
4.1 Open XCA and go to the Certificates tab.
4.2 Click the "New Certificate" button on the right.
4.3 The "Create X509 Certificate" window will appear.
4.3.1 Go to the Source tab
Signing --> check "Use this Certificate for signing" --> Cacert
Signature algorithm --> SHA1
Template for the new certificate --> [Default] HTTPS_Client
4.3.2 Go to the Subject tab
4.3.2.1 Internal name: clientcert
4.3.2.2 Generate a new key: clientcertkey
Keytype: RSA
Keysize: 1024 bit
4.3.2.3 Add the information below for the user DN: cn=admin,ou=administrators,ou=toplogymanagement,o=netscaperoot
Type                    Content
organizationName        netscaperoot
organizationUnitName    toplogymanagement
organizationUnitName    administrators
commonName              admin
Please note that these items must be entered in the order shown.
4.3.3 Leave the other items at their defaults.
5. Export the signed certificates
5.1 Export the Cacert certificate:
5.1.1 Right-click Cacert --> Export --> File
5.1.2 Filename: Cacert.crt
Export Format: PEM
5.1.3 Filename: Cacert.cer
Export Format: DER
5.2 Export the client certificate:
5.2.1 Right-click Clientcert --> Export --> File
5.2.2 Filename: clientcert.p12
Export Format: PKCS#12
Enter the password to encrypt the PKCS#12 file: example2012go!
5.3 Export the server certificate:
5.3.1 Right-click the server certificate (VM-AD-SUN-HENRY.example.com) --> Export --> File
5.3.2 Filename: VM-AD-SUN-HENRY.example.com.crt
Export Format: PEM
6. Install the signed server certificate and the CA certificate on the SunOne Directory Server
6.1 Go to the SunOne Directory management console.
6.2 Go to Manage Certificates --> Server certs --> Install... --> in this local file --> Browse --> select the full path of VM-AD-SUN-HENRY.example.com.crt
6.3 Enter the password to access the token: example1234 (the same password as in step 2.6)
6.4 Go to Manage Certificates --> CA certs --> Install... --> in this local file --> Browse --> Cacert.crt
7. Generate Keystore
7.1 cd \
7.2 keytool -import -v -alias Cacert -file C:\SSL-LDAP\Sunone\SSL-Simple\192.168.80.166\Cacert.cer -keystore C:\SSL-LDAP\Sunone\SSL-Simple\192.168.80.166\CAKeyStore
8. Configure Network and Encryption for the SunOne Directory Server
8.1 LDAP Directory server console-->Encryption tab
8.1.1 Check "Enable SSL for this server"
8.1.2 Check "Use this cipher family:RSA"
Security Device: internal(Software)
Certificate: Server-cert
8.1.3 DSML Client Authentication: HTTP Basic(Use authentication in HTTP header).
8.2 Network tab
8.2.1 Check "Both secure and non secure ports".
8.2.2 Check "Enable DSML".
Check only non secure port.
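
The row order in step 4.3.2.3 matters because an X.509 subject is stored most-general-first, while the LDAP DN string lists the same RDNs in reverse. The Python sketch below is an added example, not part of the original procedure: it turns the XCA subject rows into the LDAP DN and reports whether they match the intended user DN or were entered backwards. The function names and the case-insensitive comparison are assumptions made for illustration.

```python
import re

# Attribute type names as shown in the XCA subject table -> LDAP short names.
SHORT = {"countryName": "c", "stateOrProvinceName": "st", "localityName": "l",
         "organizationName": "o", "organizationUnitName": "ou",
         "commonName": "cn", "domainComponent": "dc"}

def escape_value(value):
    """Escape an attribute value for the RFC 4514 string form of a DN."""
    out = []
    for i, ch in enumerate(value):
        special = ch in ',+"\\<>;'
        leading = i == 0 and ch in " #"
        trailing = i == len(value) - 1 and ch == " "
        out.append("\\" + ch if special or leading or trailing else ch)
    return "".join(out)

def subject_to_ldap_dn(rows):
    """rows: [(type, value), ...] in certificate order (top row first).
    The LDAP string form starts with the LAST RDN, so the list is reversed."""
    return ",".join(f"{SHORT[t]}={escape_value(v)}" for t, v in reversed(rows))

def normalize(dn):
    """Split on unescaped commas; compare types and values case-insensitively
    (assumption: all attributes used here have case-insensitive matching)."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def check_subject(rows, user_dn):
    """Return 'match', 'reversed' (rows in DN-string order) or 'mismatch'."""
    got, want = normalize(subject_to_ldap_dn(rows)), normalize(user_dn)
    if got == want:
        return "match"
    return "reversed" if got == want[::-1] else "mismatch"

# Values from step 4.3.2.3 of this page.
USER_DN = "cn=admin,ou=administrators,ou=toplogymanagement,o=netscaperoot"
XCA_ROWS = [("organizationName", "netscaperoot"),
            ("organizationUnitName", "toplogymanagement"),
            ("organizationUnitName", "administrators"),
            ("commonName", "admin")]

if __name__ == "__main__":
    print(subject_to_ldap_dn(XCA_ROWS), "->", check_subject(XCA_ROWS, USER_DN))
```

A result of "reversed" means the rows were typed in the order they appear in the DN string (commonName first) rather than in the order shown in the table.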