ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahy_5.4.0.1/rzahyrepsecure.htm

63 lines
3.8 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Set up replication over a secure connection</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<img src="delta.gif" alt="Start of change" />
<a name="rzahyrepsecure"></a>
<h3 id="rzahyrepsecure">Set up replication over a secure connection</h3>
<p>Replication over SSL should be set up in stages so that you can verify
everything as you go through the process.</p>
<p>Before attempting to configure replication over a secure connection, you
should complete the following tasks (in any order):</p>
<ul>
<li>Configure replication over a non-secure connection.</li>
<li>Configure the consumer server to accept secure connections over the secure
port. Verify that a client can use a secure connection to the consumer server,
for example, by using the ldapsearch utility. If you want a supplier server
to use a certificate for authentication, such as SASL external bind over SSL,
you should first set up server authentication and then client and server authentication,
where the "server" is the consumer server and the client is the supplier server.
<a name="wq285"></a>
<div class="notetitle" id="wq285">Note:</div>
<div class="notebody">When the server is configured to use client and server authentication,
all clients using SSL are required to have a client certificate.</div></li>
<li>Configure the supplier server to trust the certificate authority that
issued the consumer's certificate.</li></ul>
<p></p>
<ol type="1">
<li>In the Web administration tool, click <span class="bold">Manage
topology</span> under the <span class="bold">Replication management</span>category.</li>
<li>Choose one of the existing agreements that you want to make secure.</li>
<li>Choose <span class="bold">Edit agreement...</span> and select to
use SSL making sure to use the correct port number. 636 is the standard secure
port number.</li>
<li>Verify that replication over the agreement is working properly.</li></ol>
<p>If you are only trying to set up replication to authenticate using a DN
and a password over a secure connection, the preceding steps have done this
for you. Authentication using a client certificate requires a different credentials
object to be used by the supplier server in its agreement, as well as configuring
the consumer server to accept that certificate as a supplier server.</p><img src="deltaend.gif" alt="End of change" />
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>