Cisco Headend System Release 2.7
Enable the LDAP Client with TLS Authentication
4017610 Rev A
Enabling the LDAP Client with TLS Authentication
Follow this procedure to configure the LDAP client with TLS authentication. During
this procedure, you will use the certificate database tool certutil to create the
certificate database in the /var/ldap directory.
CAUTION:
Only appropriately qualified and skilled personnel should attempt to install,
operate, maintain, and service this product. Incorrectly configuring the system
can lock all users out of the system. Correcting this requires a lengthy process
of booting from the OS media and undoing the changes.
1 If you have not already done so, open an xterm window on the LDAP client and
log in as root user.
2 Use a text editor such as vi to open the /etc/hosts file and add the following
information to the file:
LDAP server hostname and IP address
3 Type /usr/sfw/bin/certutil -N -d /var/ldap and press Enter, as shown in the
following example.
Example:
LDAP_Client# /usr/sfw/bin/certutil -N -d /var/ldap
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.
4 When the system prompts you to enter a password, press Enter twice. The
system creates cert8.db, key3.db, and secmod.db in the directory /var/ldap.
Enter new password:
Re-enter password:
5 Type ls -1 /var/ldap/*.db and press Enter to check for the presence of these files.
The system should display the following output:
LDAP_Client# ls -1 /var/ldap/*.db
/var/ldap/cert8.db
/var/ldap/key3.db
/var/ldap/secmod.db
6 Did the output show all the required files?
If yes, continue with the next step in this procedure.
If no, go back to step 5 and re-execute the ls command. If the problem
persists, contact Cisco Services and provide a screen capture of the above
commands.
7 Copy the Root CA certificate file (cacert.pem) that was obtained from the site
administrator to the /var/tmp directory.
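The checks in steps 2, 5 and 6 as a script, given here as an added example that is not part of the Cisco procedure. The function names and the script name are hypothetical, and a POSIX shell (not the legacy Bourne shell) is assumed.

```shell
#!/bin/sh
# Added example, not Cisco tooling: pre-flight checks for steps 2, 5 and 6.
# Function names and the script name are hypothetical. Needs a POSIX shell.

# hosts_has_entry FILE HOSTNAME
# Succeeds if a non-comment line in FILE lists HOSTNAME after an address.
hosts_has_entry() {
    while read -r addr names || [ -n "$addr" ]; do
        case "$addr" in ''|'#'*) continue ;; esac
        for n in ${names%%#*}; do          # ignore trailing comments
            [ "$n" = "$2" ] && return 0
        done
    done < "$1"
    return 1
}

# check_nss_db DIR
# Succeeds only if cert8.db, key3.db and secmod.db all exist in DIR and are
# non-empty. Step 4 leaves the database password empty, so file permissions
# are its only protection: a world-writable file is reported as a failure.
check_nss_db() {
    rc=0
    for f in cert8.db key3.db secmod.db; do
        p="$1/$f"
        if [ ! -s "$p" ]; then
            echo "MISSING or empty: $p"
            rc=1
        elif [ -n "$(find "$p" -perm -002 -print)" ]; then
            echo "WORLD-WRITABLE: $p"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh ldap_preflight.sh --check <ldap-server-hostname>
if [ "${1:-}" = "--check" ]; then
    hosts_has_entry /etc/hosts "${2:?hostname required}" ||
        { echo "no /etc/hosts entry for $2"; exit 1; }
    check_nss_db /var/ldap || exit 1
    echo "pre-flight OK"
fi
```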