Jerry,

I have managed to set up AREA LDAP over SSL on our HP server.
First, we tried to import the certificate directly into the cert7.db file
using the certutil utility, which worked fine, but Remedy authentication
was not working with the cert7.db file generated this way.

The next option was using stunnel or a similar utility to create a secure
connection from the Remedy server to the LDAP machine. That worked fine;
the only worry is that you are relying on yet another external process
running. In this case the AREA LDAP is configured to connect to a port
on the Remedy server and stunnel takes care of forwarding that
connection securely to the LDAP server.

Finally, you can try to run Netscape on your Remedy server and attempt
connecting to the LDAP server over https. You can use a URL like
https:\\your.LDAP.server:636  (not sure about the exact syntax of the
URL)
After connecting, Netscape will ask if you trust the site and want to
install the certificate. After answering yes, the cert7.db file should
get updated. You can then reference this file in the AREA LDAP
configuration and all should work.

Hope this will help and save you some time.

Regards
Jiri

-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Jerry Niman
Sent: 01 September 2006 09:21
To: arslist@arslist.org
Subject: AREA LDAP Authentication on Solaris using SSL

Dear listers who are not at BUW (and those who are and are checking
their email!)

ARS 6.3
Solaris 8

I am currently using AREA LDAP successfully to authenticate ARS users to
an LDAP tree fronting
Novell E-Directory.

Everyone thinks it's marvellous.

However, the E-Directory team want to withdraw the unencrypted LDAP
service, and require everyone
to use LDAP over SSL. Fair enough, a very sensible thing to do.

The LDAP tree certificate doesn't go back to one of the trusted root
certificate authorities, but
is self signed. There is a RootCert.der certificate to be imported.

However, the AREA LDAP plug-in is based on the Netscape SDK, and
requires a cert7.db and key3.db
incorporating the credentials.

On Windows, I can do this by running version 4.7 of Netscape and opening
the RootCert.der file.
This imports it and incorporates the credentials into the cert7.db and
key3.db files. 

This is explained at

http://listserv.rbugs.com/cgi-bin/wa.exe?A2=ind0402&L=arslist&P=R54534

However, if I try the same on Solaris, it doesn't work, and I can't seem
to copy across the db
files from Windows to Solaris  - or at least Netscape on Solaris seems
not to notice them.

Does anyone have any suggestions?

Jerry




Jerry Niman Tel +44 (0)161-247 1474
Head of Information Systems Email [EMAIL PROTECTED]
the Manchester Metropolitan University Mobile +44 (0)7770 638104
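
The stunnel option from Jiri's reply, as an added configuration sketch (not from either poster and not Remedy's own documentation), showing the unverified form next to one that pins the self-signed root. The local port 3890, the /etc/stunnel paths and the service names are assumptions; your.LDAP.server is the placeholder used in the thread.

```ini
; stunnel.conf on the Remedy server (added example; paths and port are assumptions)
; CAfile must be PEM. Convert the directory's self-signed root first:
;   openssl x509 -inform DER -in RootCert.der -out /etc/stunnel/RootCert.pem

; Weak form, shown commented out: the link is encrypted, but stunnel's
; default is not to verify the peer, so any server answering on 636 is
; accepted, and the listener is reachable from other hosts.
; [ldaps-unverified]
; client = yes
; accept = 3890
; connect = your.LDAP.server:636

; Corrected form
[ldaps]
client = yes
; Listen on loopback only, so the plaintext leg never leaves this host.
accept = 127.0.0.1:3890
connect = your.LDAP.server:636
; Trust only the imported root and require the server chain to validate against it.
CAfile = /etc/stunnel/RootCert.pem
verify = 2
```

AREA LDAP would then be pointed at 127.0.0.1 port 3890 with SSL switched off in the plug-in, since stunnel provides the TLS leg. Newer stunnel 5.x releases also offer `verifyChain` and `checkHost` in place of the legacy `verify` level.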
