Cisco Headend System Release 2.5

Enable the LDAP Client with TLS Authentication 
 
4017610 Rev A 
23 
 
Enabling the LDAP Client with TLS Authentication 
Follow this procedure to configure the LDAP client with TLS authentication. During 
this procedure, you will use the certificate database tool certutil to create the 
certificate database in the /var/ldap directory. 
 
CAUTION: 
Only appropriately qualified and skilled personnel should attempt to install, 
operate, maintain, and service this product. Incorrectly configuring the system 
can lock all users out of the system. Correcting this requires a lengthy process 
of booting from the OS media and undoing the changes.
 
1  If you have not already done so, open an xterm window on the LDAP client and 
log in as root user. 
2  Use a text editor such as vi to open the /etc/hosts file and add an entry for 
the LDAP server to the file: 
LDAP server IP address and hostname
 
3  Type /usr/sfw/bin/certutil -N -d /var/ldap and press Enter, as shown in the 
following example. 
Example: 
LDAP_Client# /usr/sfw/bin/certutil -N -d /var/ldap
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.
 
4  When the system prompts you to enter a password, press Enter twice (this 
leaves the certificate database without a password). The system creates 
cert8.db, key3.db, and secmod.db in the directory /var/ldap. 
Enter new password: 
Re-enter password:
   
5  Type ls -1 /var/ldap/*.db and press Enter to check for the presence of these files. 
The system should display the following output: 
LDAP_Client# ls -1 /var/ldap/*.db
/var/ldap/cert8.db
/var/ldap/key3.db
/var/ldap/secmod.db
 
6  Did the output show all the required files? 
 
If yes, continue with the next step in this procedure. 
 
If no, go back to step 5 and re-execute the ls command. If the problem 
persists, contact Cisco Services and provide a screen capture of the above 
commands.  
7  Copy the Root CA certificate file (cacert.pem) that was obtained from the site 
administrator to the /var/tmp directory.
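The following shell helper is an added example, not part of the Cisco manual: it scripts the checks behind steps 2 through 6 (confirm the /etc/hosts entry, create the certificate database with certutil, verify that cert8.db, key3.db and secmod.db exist). The function names are hypothetical, the sample /etc/hosts content is constructed, and the script assumes the Solaris paths used in the manual (/usr/sfw/bin/certutil and /var/ldap, both overridable) and that certutil -N prompts for the password interactively exactly as in steps 3 and 4.

```sh
#!/bin/sh
# Added example, not from the Cisco manual. Helper functions for steps 2 to 6
# of "Enabling the LDAP Client with TLS Authentication". Function names are
# hypothetical; paths default to those the manual uses and can be overridden.

# Return 0 if the hosts-format file $1 maps IP address $2 to hostname $3
# (comments and blank lines ignored), 1 otherwise. Confirms the step 2 entry.
hosts_has_entry() {
    awk -v ip="$2" -v host="$3" '
        { sub(/#.*/, "") }                 # drop trailing comments
        NF == 0 { next }                   # skip blank lines
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == host) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Return 0 if cert8.db, key3.db and secmod.db all exist in directory $1
# (default /var/ldap); otherwise print the missing files and return 1.
# This is the check that steps 5 and 6 perform by hand.
check_ldap_certdb() {
    dir="${1:-/var/ldap}"
    missing=0
    for f in cert8.db key3.db secmod.db; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $dir/$f"
            missing=1
        fi
    done
    return $missing
}

# Create the database as in step 3 (certutil prompts for the password; press
# Enter twice as in step 4), then verify it as in step 5. Refuses to run when
# a database is already present so an existing one is never overwritten.
create_ldap_certdb() {
    dir="${1:-/var/ldap}"
    certutil="${CERTUTIL:-/usr/sfw/bin/certutil}"   # assumed Solaris path
    if check_ldap_certdb "$dir" >/dev/null 2>&1; then
        echo "certificate database already present in $dir; nothing to do"
        return 0
    fi
    if [ ! -x "$certutil" ]; then
        echo "certutil not found at $certutil" >&2
        return 2
    fi
    "$certutil" -N -d "$dir" || return $?
    check_ldap_certdb "$dir"
}

# Set RUN_LDAP_SETUP=1 to run the real procedure as root on the LDAP client;
# LDAP_SERVER_IP and LDAP_SERVER_HOST name the entry that step 2 added.
if [ "${RUN_LDAP_SETUP:-0}" = "1" ]; then
    hosts_has_entry /etc/hosts "$LDAP_SERVER_IP" "$LDAP_SERVER_HOST" \
        || { echo "/etc/hosts has no entry for $LDAP_SERVER_HOST" >&2; exit 1; }
    create_ldap_certdb /var/ldap
fi
```

Without RUN_LDAP_SETUP=1 the script only defines the functions, so it can be sourced and each check run on its own; the certutil call itself is left interactive on purpose so that the password prompts match steps 3 and 4 of the manual.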