
Enable SSL, Obtain and Install Server Certificates – Google Postini Directory Sync Configuration Guide User Manual

Configuration Guide for Directory Sync

Enable SSL

Secure Sockets Layer (SSL) provides encrypted communications between a
client and server. Directory Sync uses SSL encryption and basic authentication to
guarantee confidentiality and data integrity. Basic authentication requires a user
name and password to connect to a directory server. SSL makes sure that
transmitted data is encrypted and protected.

To enable SSL in the Sun ONE Directory Server, you will need to obtain and
install a certificate, then activate and configure SSL on your directory server.

You can obtain a server certificate from a Certificate Authority such as Verisign or
Entrust. Sun provides a tool (the certutil tool) to manage certificates in the Sun
ONE Directory Server Resource Kit (DSRK).

You can download the DSRK at:

http://www.sun.com/download/products.xml?id=3f74a0db

To set your Sun ONE Directory Server up to accept connections from Directory
Sync, use SSL with simple authentication. This uses a bind DN and password to
authenticate a user, and SSL to ensure confidential data transmissions.

Enabling SSL in the Sun ONE Directory Server consists of two parts: obtaining
and installing the certificate, and activating SSL. These steps are summarized
here, and detailed in later sections.

Obtain and install a certificate

1. Create a certificate database.

2. Generate a certificate request.

3. Send the certificate request.

4. Install your new certificate.

5. Set your directory server to trust your Certificate Authority.

Activate SSL

1. Activate SSL in your directory server.

2. Configure SSL, including the secure ports for LDAP and DSML operations.

Obtain and Install Server Certificates

This section describes the process of creating a certificate database, obtaining
and installing a certificate for use with your Directory Server, and configuring
Directory Server to trust the Certificate Authority's (CA) certificate.

Directory Server will accept certificates from any SSL-compliant Certificate
Authority, and will also accept self-signed certificates.
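
The five certificate steps summarized above can be scripted with certutil as shown below. This is an added example, not taken from the guide: it assumes NSS-style certutil options, and the directory, password file, nicknames and subject DN are constructed placeholders. The certutil shipped in the DSRK and the database file names your Directory Server instance expects may differ.

```shell
#!/bin/sh
# Added example. Assumes NSS-style certutil options; all names are placeholders.
DB_DIR="${DB_DIR:-./certdb}"
PW_FILE="${PW_FILE:-./certdb-password.txt}"   # file holding the database password
SERVER_NICK="${SERVER_NICK:-server-cert}"
CA_NICK="${CA_NICK:-issuing-ca}"

# Step 1: create the certificate database, protected by the password in PW_FILE.
create_cert_db() {
    ( umask 077; mkdir -p "$DB_DIR" )
    certutil -N -d "$DB_DIR" -f "$PW_FILE"
}

# Step 2: generate a key pair and a PEM certificate request.
# $1 = subject DN, $2 = output file. -z supplies seed data so certutil does not prompt.
generate_request() {
    noise=$(mktemp) || return 1
    head -c 64 /dev/urandom > "$noise"
    rc=0
    certutil -R -s "$1" -k rsa -g 2048 -a -o "$2" \
        -d "$DB_DIR" -f "$PW_FILE" -z "$noise" || rc=$?
    rm -f "$noise"
    return "$rc"
}

# Step 3 happens outside this script: send the request file to your CA.

# Step 4: install the certificate the CA returned ($1 = PEM file).
# No explicit trust flags are needed for the server's own certificate.
install_server_cert() {
    certutil -A -n "$SERVER_NICK" -t ",," -a -i "$1" -d "$DB_DIR" -f "$PW_FILE"
}

# Step 5: import the CA certificate ($1 = PEM file) and trust it to issue
# SSL server (C) and SSL client (T) certificates.
trust_ca_cert() {
    certutil -A -n "$CA_NICK" -t "CT,," -a -i "$1" -d "$DB_DIR" -f "$PW_FILE"
}

# Check: list nicknames and trust flags to confirm both certificates are present.
list_certs() {
    certutil -L -d "$DB_DIR"
}
```

Call the functions in step order, for example `create_cert_db` and then `generate_request "CN=ldap.example.com,O=Example" server.csr`, and run `list_certs` after step 5 to confirm the CA entry shows the `CT,,` trust flags.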