HP HP-UX Directory Server Administrator's Guide
HP-UX Directory Server administration server guide
HP-UX Directory Server Version 8.1
HP Part Number: 5900-0312
Published: September 2009
Edition: 1
© Copyright 2009 Hewlett-Packard Development Company, L.P.
Confidential computersoftware. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212,Commercial
Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under
vendor's standard commercial license.
The informationcontained hereinis subject to change without notice. The only warrantiesfor HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP
shall not be liable for technical or editorial errors or omissions contained herein.
Table of Contents
1 Introduction to HP-UX Directory Server.........................................................................5
2 Admin Server configuration...........................................................................................7
2.1 Directory Server file locations...........................................................................................................7
2.2 Starting and stopping the Admin Server..........................................................................................7
2.2.1 Starting and stopping Admin Server from the console............................................................7
2.2.2 Starting and stopping Admin Server from the command Line................................................8
2.3 Opening the Admin Server console..................................................................................................8
2.4 Viewing logs....................................................................................................................................10
2.4.1 Viewing the logs through the console.....................................................................................10
2.4.2 Viewing logs in the command line..........................................................................................11
2.4.3 Changing the log name in the console....................................................................................12
2.4.4 Changing the log location in the command line.....................................................................13
2.5 Changing the port number..............................................................................................................13
2.5.1 Changing the port number in the console...............................................................................13
2.5.2 Changing the port number in the command line...................................................................14
2.6 Setting host restrictions...................................................................................................................15
2.6.1 Setting host restrictions in the console....................................................................................15
2.6.2 Setting host restrictions in the command line.........................................................................16
2.7 Changing the admin user's name and password............................................................................17
2.8 Working with SSL............................................................................................................................18
2.8.1 Requesting and installing a server certificate.........................................................................19
2.8.2 Installing a CA certificate........................................................................................................23
2.8.3 Enabling SSL............................................................................................................................27
2.8.4 Creating a password file for the Admin Server......................................................................29
2.9 Changing Directory Server settings................................................................................................30
2.9.1 Changing the configuration directory host or port.................................................................30
2.9.2 Changing the user directory host or port................................................................................31
3 Admin express..............................................................................................................33
3.1 Managing servers in Admin Express..............................................................................................33
3.1.1 Opening Admin Express.........................................................................................................33
3.1.2 Starting and stopping servers.................................................................................................33
3.1.3 Viewing server logs.................................................................................................................33
3.1.4 Viewing server information....................................................................................................34
3.1.5 Monitoring replication from Admin Express.........................................................................34
3.2 Configuring Admin Express...........................................................................................................37
3.2.1 Admin Express file locations...................................................................................................37
3.2.2 Admin Express configuration files..........................................................................................37
3.2.2.1 Files for the Admin Server welcome page......................................................................37
3.2.2.2 Files for the replication status appearance......................................................................39
3.2.2.3 Files for the server information page..............................................................................40
3.2.2.4 Files for the server logs page...........................................................................................41
3.2.3 Admin Express directives.......................................................................................................42
4 Admin Server command-line tools.............................................................................45
4.1 sec-activate.......................................................................................................................................45
4.2 modutil............................................................................................................................................45
Table of Contents 3
5 Support and other resources.......................................................................................51
5.1 Contacting HP.................................................................................................................................51
5.1.1 Information to collect before contacting HP...........................................................................51
5.1.2 How to contact HP technical support.....................................................................................51
5.1.3 HP authorized resellers...........................................................................................................51
5.1.4 Documentation feedback.........................................................................................................51
5.2 Related information.........................................................................................................................51
5.2.1 HP-UX Directory Server documentation set...........................................................................51
5.2.2 HP-UX documentation set......................................................................................................52
5.2.3 Troubleshooting resources......................................................................................................53
5.3 Typographic conventions................................................................................................................53
Glossary............................................................................................................................55
Index.................................................................................................................................65
4 Table of Contents
1 Introduction to HP-UX Directory Server
Identity managementand directory serviceswith HP-UX DirectoryServer use three components,
working in tandem:
• A Java-based management console
• An administration server which also functions as a web server
• An LDAP directory server
Figure 1-1 Interactions between the Console, Admin Server, and Directory Server
The Admin Server processes configuration requests for Directory Server instances and performs
many common server tasks, such as stopping and starting server instances. Directory services
are usually divided into two categories:
• Configuration databases, which store the Console and Admin Server settings and some
Directory Server configuration.
• User databases, which contain user and group information.
5
These databases can be kept in the same Directory Server instance, but it is also possible to break
these services into separate Directory Server instances. In that case, a Directory Server instance's
configuration is stored in a separate Directory Server, called the Configuration Directory Server,
and user data is stored in the User Directory Server. Because the Admin Server processes server
configuration requests for the HP-UX Directory Server, the Configuration Directory Server and
User Directory Server instances are both defined in the Admin Server configuration.
As a web server, the Admin Server provides all the online functions of the Directory Server,
including handling connections to the Console and hosting web applications such as Admin
Express. Clients connect to the Admin Server both over secure and standard connections, since
the Admin Server supports both HTTP or HTTPS, if SSL/TLS is enabled.
When HP-UX Directory Server is installed, then the Admin Server is automatically installed and
configured as well. There can be multiple Directory Server instances on a single machine, and
all use the same instance of Admin Server.
NOTE: There can be only one Admin Server per machine. This single Admin Server instance
can handle multiple instances of Directory Server and other clients which can use the Admin
Server.
When the Console is opened to manage an instance of Directory Server, even if the Console is
on a different machine than the server instance being managed, it contacts the local Admin Server
instance to perform the requested tasks. For example, Admin Server can execute programs to
modify the server and application settings that are stored in the configuration directory or to
change the port number that a server listens to.
The Admin Server itself can be managed through its own Java-based interface, by editing its
configuration files, or through command-line tools.
6 Introduction to HP-UX Directory Server
2 Admin Server configuration
The Admin Server is a separate server from the HP-UX Directory Server, although they work
interdependently. The Admin Server processes, file locations, and configuration options are also
separate. This chapter covers the Admin Server information, including starting and stopping the
Admin Server, enabling SSL, viewing logs, and changing Admin Server configuration properties,
such as the server port number.
2.1 Directory Server file locations
HP-UX Directory Server conforms to the Filesystem Hierarchy Standards. For more information
on FHS, see the FHS homepage, http://www.pathname.com/fhs/.
The following table specifies the location of files and directories installed with Directory Server:
Table 2-1 Location of Directory Server files and directories
LocationFile or directory
Log files
Configuration files
Runtime files
Binaries
Libraries
/var/opt/dirsrv/admin-serv/log
/etc/opt/dirsrv/admin-serv
/var/opt/dirsrv/admin-serv/run
/opt/dirsrv/bin
/opt/dirsrv/sbin
/opt/dirsrv/lib
2.2 Starting and stopping the Admin Server
The Admin Server is running when the setup-ds-admin.pl configuration script completes.
Avoid stopping and starting the server to prevent interrupting server operations.
• When starting in SSL, the start script prompts for the password for the security (SSL
certificate) database. It is possible to restart in SSL without being prompted for a password
by using a password file. See “Creating a password file for the Admin Server” for more
information.
If there is not password file, then the Admin Server cannot be restarted in SSL through the
Console, only the command-line scripts.
• Rebooting the host system can automatically start the Admin Server's httpd process. The
script /sbin/init.d/Hpds-adm starts httpd if the parameter HPDS_ADMIN is set to 1
in /etc/rc.config.d/Hpds-adm. Setting HPDS_ADMIN to 0 disables the automatic start
up.
2.2.1 Starting and stopping Admin Server from the console
1. Start the Console, and open the Admin console.
/opt/dirsrv/bin/hpds-idm-console -a http://localhost:9830
2. In the Tasks tab, click Restart Server or Stop Server.
2.1 Directory Server file locations 7
When the Admin Server is successfully started or stopped from the Console, the server displays
a message box stating that the server has either started or shut down.
2.2.2 Starting and stopping Admin Server from the command Line
The following scripts start, stop, or restart the Admin Server:
Start:
Stop:
Restart:
/opt/dirsrv/sbin/start-ds-admin
/opt/dirsrv/sbin/stop-ds-admin
/opt/dirsrv/sbin/restart-ds-admin
2.3 Opening the Admin Server console
Run the following script to launch the main Console:
/opt/dirsrv/bin/hpds-idm-console
When the login screen opens, the Admin Server prompts for the username, password, and Admin
Server location. The Admin Server location is a URL; for a standard connection, this has the
http: prefix for a standard HTTP protocol. If SSL/TLS is enabled, then this uses the https:
prefix for the secure HTTPS protocol.
8 Admin Server configuration
Figure 2-1 Login box
TIP:
It is possible to send the Admin Server URL and port with the start script. For example:
/opt/dirsrv/bin/hpds-idm-console -a http://localhost:9830
The -a option is a convenience, particularly for logging into a Directory Server for the first time.
On subsequent logins, the URL is saved. If the Admin Server port number is not passed with
the hpds-idm-console command, then the server prompts for it at the Console login screen.
This opens the main Console window. To open the Admin Server Console, select the Admin
Server instance from the server group on the left, then click the Open at the top right of the
window.
2.3 Opening the Admin Server console 9
Figure 2-2 The Admin Server console
2.4 Viewing logs
Log files monitor activity for Admin Server and can help troubleshoot server problems. Admin
Server logs usethe Common Logfile Format, a broadly supported format that provides information
about the server.
Admin Server generates two kinds of logs:
Access logs Access logsshow requests to and responses from the Admin Server. By default,
the file is located at /var/opt/dirsrv/admin-serv/log/access.
Error logs Error logs show messages for errors which the server has encountered since
the log file was created. It also contains informational messages about the
server, such as when the server was started and who tried unsuccessfully to
log on to the server. By default, the file is located at /var/opt/dirsrv/
admin-serv/log/error.
The logs can be viewed through Admin Server Console or by opening the log file.
2.4.1 Viewing the logs through the console
1. Open the Admin Server management window.
2. Click the Configuration tab.
3. Expand the Logs directory, and click the log file name, either Accesses or Error.
10 Admin Server configuration
2.4.2 Viewing logs in the command line
The access log, by default, is at /var/opt/dirsrv/admin-serv/log/access. To view the
access log, open it with a paging utility such as more.
Access logs show connections to the Admin Server based on the IP address of the client, the
username, and the method that the request was sent. Each line has the following format:
ip_address - bind_DN [timestamp -0500] "GET|POST cgi" HTTP_response bytes
Example logs are shown in Example 2-1 “Example access logs”.
Example 2-1 Example access logs
127.0.0.1 - cn=directory manager [23/Dec/2009:19:32:52 -0500] "GET
/admin-serv/authenticate HTTP/1.0" 200 338
192.168.123.121 - cn=directory manager [23/Dec/2009:19:33:14 -0500] "POST
/admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 244
192.168.123.121 - cn=directory manager [23/Dec/2009:19:33:16 -0500] "GET
/admin-serv/tasks/Configuration/ReadLog?op=count&name=access HTTP/1.0"
200 10
The error log, by default, is at /var/opt/dirsrv/admin-serv/log/error. To view the
error log, open it with a paging utility such as more.
Error logs record any problem response from the Admin Server. Like the access log, error logs
also records entries based the client's IP adress, along with the type of error message, and the
message text:
[timestamp] [severity] [client ip_address error_message
The severity message indicates whether the error is critical enough for administrator
intervention. [warning], [error], and [critical] require immediate administrator action.
Any other severity means the error is informational or for debugging.
Example logs are shown in Example 2-2 “Example error logs”.
2.4 Viewing logs 11
Example 2-2 Example error logs
[Mon Dec 22 23:44:59 2009] [notice] [client 127.0.0.1] adm\
serv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Mon Dec 22 23:44:59 2009] [notice] [client 127.0.0.1] adm\
serv_host_ip_check: host [localhost.localdomain] did not match pattern
[*.example.com] -will scan aliases
[Mon Dec 22 23:44:59 2008] [notice] [client 127.0.0.1] adm\
serv_host_ip_check: host alias [localhost] did not match pattern
[*.example.com]
[Mon Dec 22 23:44:59 2008] [notice] [client 127.0.0.1] adm\
serv_check_authz(): passing [/admin-serv/authenticate] to the userauth
handler
[Mon Dec 22 23:45:16 2008] [notice] [client 192.168.123.121] adm\
serv_host_ip_check: ap_get_remote_host could not resolve 192.168.123.121
2.4.3 Changing the log name in the console
The access and error log files' names can be changed to rotate the files. This rotation has to be
done manually to create new files if the existing log files become too large.
1. Open the Admin Server management window.
2. Click the Configuration tab.
3. Click Logs in the left panel.
4. In the Logs window on the right, enter the new log file name.
WARNING!
The path to the log file is absolute and cannot be changed.
5. Click OK to save the changes.
6. Open the Tasks tab, and click the Restart Server button to restart the server and apply the
changes.
12 Admin Server configuration
2.4.4 Changing the log location in the command line
The access and error log files' names and locations can be changed to rotate the files. This rotation
has to be done manually to create new files if the existing log files become too large. The location
can be changed if the default location in /var/opt/dirsrv/admin-serv/log does not meet
the application needs.
The Admin Server configuration is stored in two locations. The main entry is an LDAP entry in
the ConfigurationDirectory Server's o=NetscapeRoot database. The otheris the console.conf
file. Changing the log settings requires changing both settings.
1. Edit the Admin Server configuration entry in the Configuration Directory Server.
a. Get the name of the Admin Server entry. Because the Admin Server entry has a special
object class, nsAdminConfig, it is possible to search for the entry using that object
class to retrieve the DN.
ldapsearch -D "cn=directory manager" -w secret -p 389 -h server.example.com \
-b "o=NetscapeRoot" "(objectclass=nsAdminConfig)" dn
version:1
dn: cn=configuration, cn=admin-serv-example, cn=HPDS Administration
Server, cn=Server Group, cn=server.example.com, ou=example.com,
o=NetscapeRoot
b. The Admin Server entry can be edited using ldapmodify. The access and error log
settings are stored in the nsAccessLogs and nsErrorLogs attributes, respectively.
For example:
ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com
dn: cn=configuration, cn=admin-serv-example, cn=HPDS Administration
Server, cn=Server Group, cn=server.example.com, ou=example.com,
o=NetscapeRoot
changetype:modify
replace:nsAccessLog
nsAccessLog:/var/opt/dirsrv/admin-serv/log/access_new
Click Enter twice to submit the operation, then Control-C to close ldapmodify.
2. Open the Admin Server configuration directory.
cd /etc/opt/dirsrv/admin-serv
3. Edit the console.conf file. For the access log, edit the path and file name in the CustomLog
parameter. For the error log, edit the path and file name in the ErrorLog parameter.
CustomLog /var/opt/dirsrv/admin-serv/log/access_new common
ErrorLog /var/opt/dirsrv/admin-serv/log/error_new
Leave the term common after the access log path; this means that the access log is in the
Common Log Format.
4. Restart the Admin Server.
/opt/dirsrv/sbin/restart-ds-admin
2.5 Changing the port number
The port number specifies where an instance of Admin Server listens for messages.
The default port number for Admin Server is set when the instance is first installed and the
configuration script, such as setup-ds-admin.pl, is run. The default port number is 9830,
although if that number is in use, then the setup program will use a randomly-generated number
larger than 1024 or one can assign any port number between 1025 and 65535.
2.5.1 Changing the port number in the console
1. Open the Admin Server management window.
2. Click the Configuration tab.
2.5 Changing the port number 13
3. Click the Network tab.
4. Enter the port number for the Admin Server instance in the Port field. The Admin Server
port number has a default number of 9830.
5. Click OK.
6. Open the Tasks tab, and click the Restart Server button to restart the server and apply the
changes.
7. Close the Console, then restart the Console, specifying the new Admin Server port number
in the connection URL.
2.5.2 Changing the port number in the command line
The port number for the Admin Server is 9830 by default.
The Admin Server configuration is stored in two locations. The main entry is an LDAP entry in
the ConfigurationDirectory Server's o=NetscapeRoot database. The otheris the console.conf
file. Changing the port number requires changing both settings.
1. Edit the Admin Server configuration entry in the Configuration Directory Server.
a. Get the name of the Admin Server entry. Since the Admin Server entry has a special
object class, nsAdminConfig, it is possible to search for the entry using that object
class to retrieve the DN.
ldapsearch -D "cn=directory manager" -w secret -p 389 -h server.example.com \
-b "o=NetscapeRoot" "(objectclass=nsAdminConfig)" dn
version:1
dn: cn=configuration, cn=admin-serv-example, cn=HPDS Administration
Server, cn=Server Group, cn=server.example.com, ou=example.com,
o=NetscapeRoot
b. The Admin Server entry can be edited using ldapmodify. The port number is set in
the nsServerPort attribute. For example:
ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com
dn: cn=configuration, cn=admin-serv-example, cn=HPDS Administration
Server, cn=Server Group, cn=server.example.com, ou=example.com,
o=NetscapeRoot
14 Admin Server configuration
changetype:modify
replace:nsServerPort
nsServerPort:10030
Click Enter twice to submit the operation, then Control+C to close ldapmodify.
2. Open the Admin Server configuration directory.
cd /etc/opt/dirsrv/admin-serv
3. Edit the Listen parameter in the console.conf file.
Listen 0.0.0.0:10030
4. Restart the Admin Server.
/opt/dirsrv/sbin/restart-ds-admin
2.6 Setting host restrictions
Connection restrictions specify which hosts are allowed to connect to the Admin Server. You
can list these hosts by DNS name, IP address, or both. Only host machines listed within the
connection restriction parameters are allowed to connect to the Admin Server. This setting allows
wildcards within a domain or an IP address range to make setting connection restrictions simpler.
2.6.1 Setting host restrictions in the console
1. Open the Admin Server management window.
2. Click the Configuration tab.
3. Click the Network tab.
4. The Connection Restrictions area displays a list of hosts allowed to connect to the Admin
Server. The drop-down list specifies whether the list entries are added by DNS name or by
IP address. The list is evaluated first by host names, then by IP addresses.
5. Click the Add button to add another host to the list of allowed computers. To add a host
name, make sure the drop-down list at the top reads Host Names to allow; to add an IP
address, select IP Addresses to allow.
6. Fill in the host information.
2.6 Setting host restrictions 15
The * wildcard can be used to specify a group of hosts. For instance, *.example.com
allows allmachines in the example.comdomain to access theinstance. Entering 205.12.*.
allows all hosts whose IP addresses begin with 205.12 to access the instance.
When specifying IP address restrictions, include all three separating dots. If you do not, the
Admin Server returns an error message.
7. Click OK to close the Add... dialog box, then click the Save button to save the new host.
8. Open the Tasks tab, and click the Restart Server button to restart the server and apply the
changes.
To change the information for a host or IP address listed, click the Edit button and change the
given information. To remove an allowed host or IP address, select the host from the list, and
click Remove. Admin Server.
2.6.2 Setting host restrictions in the command line
Host restrictions sets rules for what network clients can connect to the Admin Server and,
therefore, to services which use the Admin Server. There are two kinds of host restrictions,
restrictions based on the host or domain name and restrictions based on the IP address.
The Admin Server host restrictions are set in the main configuration entry in the Configuration
Directory Server's o=NetscapeRoot database. There are two attributes for setting host
restrictions, nsAdminAccessAddresses and nsAdminAccessHosts for IP addresses and
host names, respectively.
NOTE:
The Admin Server supports both IPv4 and IPv6 addresses.
The Admin Server entry can be edited using ldapmodify.
To set host restrictions:
1. Get the name of the Admin Server entry. Since the Admin Server entry has a special object
class, nsAdminConfig, it is possible to searchfor the entry using that object class to retrieve
the DN.
ldapsearch -D "cn=directory manager" -w secret -p 389 -h server.example.com \
-b "o=NetscapeRoot" "(objectclass=nsAdminConfig)" dn
version:1
dn: cn=configuration, cn=admin-serv-example, cn=HPDS Administration
Server, cn=Server Group, cn=server.example.com, ou=example.com,
o=NetscapeRoot
2. To set IP address-based restrictions, edit the nsAdminAccessAddresses attribute.
ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com
dn: cn=configuration, cn=admin-serv-example, cn=HPDS Administration
Server, cn=Server Group, cn=server.example.com, ou=example.com,
16 Admin Server configuration
o=NetscapeRoot
changetype:modify
replace:nsAdminAccessAddresses nsAdminAccessAddresses:72.5.*.*
Click Enter twice to submit the operation, then Ctrl-C to close ldapmodify.
The nsAdminAccessAddresses value can use wildcards to allow ranges. For example,
to allow all IP addresses:
nsAdminAccessAddresses:*
To allow only a subset of addresses on a local network:
nsAdminAccessAddresses:192.168.123.*
3. To set host name or domain-based restrictions, edit the nsAdminAccessHosts attribute.
ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com
dn: cn=configuration, cn=admin-serv-example, cn=HPDS Administration
Server, cn=Server Group, cn=server.example.com, ou=example.com,
o=NetscapeRoot
changetype:modify
replace:nsAdminAccessHosts
nsAdminAccessHosts:*.example.com
Click Enter twice to submit the operation, then Control+C to close ldapmodify.
4. Restart the Admin Server to apply the changes.
/opt/dirsrv/sbin/restart-ds-admin
2.7 Changing the admin user's name and password
During installation, you are asked to enter a username and password for the Configuration
Administrator, the user authorized to access and modify the entire configuration directory.
The Configuration Administrator entry is stored in the directory under the following DN:
uid=userID,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
The Configuration Administrator's username and password are managed through the Directory
Server and are represented in an LDAP entry; this is described in the HP-UX Directory Server
administrator guide.
During installation, the Configuration Administrator's username and password are used to
automatically create the Administration Server Administrator. This user can perform
a limited number of administrative tasks, such as starting, stopping, and restarting servers in a
local server group. The Administration Server Administrator is created for the purpose of logging
into the Console when the Directory Server is not running.
The Administration Server Administrator does not have an LDAP entry; it exists only as an entity
in a local configuration file, /etc/opt/dirsrv/admin-serv/admpw.
Even though they are created at the same time during installation, and are identical at that time,
the Configuration Administrator and Administration Server Administrator are two separate
entities. If you change the username or password for one in the Console, the Console does not
automatically make the same changes for the other.
The Administration Server Administrator has full access to all configuration settings in the Admin
Server. The information for the admin user is set on the Access tab in the Console.
2.7 Changing the admin user's name and password 17
NOTE:
The Admin Server administrator username and password are stored in the /etc/opt/dirsrv/
admin-serv/admpw file. For example:
admin:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
The password is encrypted and cannot be changed directly in the admpw file. The username can
be changed in this file, but cannot be used to log into the Console unless the password is updated
in the Console first. For this reason, it is better to edit the Administration Server Administrator
username and password only through the Admin Server Console.
To change the Administration Server Administrator's ID or password:
1. Open the Admin Server management window.
2. Click the Configuration tab.
3. Click the Access tab.
4. Change the admin user's name or password. The username is the ID given for logging into
the Admin Server.
5. Click Save.
2.8 Working with SSL
The Admin Server can run over HTTPS (secure HTTP) if SSL is enabled on the server. There are
steps to enabling SSL:
1. Generating and submitting a certificate request.
2. Receiving and installing the certificate.
3. Trusting the certificate authority (CA) which issued the certificate.
4. Changing the Admin Server configuration to allow SSL connections.
18 Admin Server configuration
2.8.1 Requesting and installing a server certificate
The Admin Server Console has a tool, the Certificate Request Wizard, which generates a valid
certificate request to submit to any certificate authority (CA).
1. In the Admin Server Console, select the Tasks tab, and click Manage Certificates.
2. Create a certificate request.
a. Select the Server Certs tab, and click the Request button.
Click Next.
b. Enter the Requester Information in the blank text fields, then click Next.
2.8 Working with SSL 19
• Server Name.
The fully qualified host name of the Directory Server as it is used in DNS and
reverse DNS lookups; for example, server.example.com. The server name is
critical for client-side validation to work, which prevents man-in-the-middle attacks.
IMPORTANT:
This must be a valid host name that can be resolved correctly by all Admin Server
clients, or TLS/SSL will not work.
• Organization.
The legal name of the company or institution. Most CAs require this information
to be verified with legal documents such as a copy of a business license.
• Organizational Unit.
(Optional) A descriptive name for the organization within the company.
• Locality.
(Optional) The company's city name.
• State or Province.
The full name of the company's state or province (no abbreviations).
• Country.
The two-character abbreviation for the country's name (ISO format). The country
code for the United States is US.
c. Enter the password that used to protect the private key, and click Next.
20 Admin Server configuration
The Next button is grayed out until a password is supplied.
3. The Request Submission dialog box provides two ways to submit a request: directly to
the CA (if there is one internally) or manually. To submit the request manually, select Copy
to Clipboard or Save to File to save the certificate request which will be submitted to the
CA.
2.8 Working with SSL 21
Loading...