Install the authentication manager plugin in Netscape Console.
Prerequisites
To be successful in this exercise you must have completed the following
activities or have the following information at hand:
- You must have imported the agent's certificate into the system you are using.
- You must use the SSL End-Entity port (in the installation module we recommended that you use 17005).
Procedure
In this exercise you will play two key roles. First, you will act
as an administrator and set up the authentication manager plugin in Netscape Console.
This plugin must be in place and configured to handle automatic access to the LDAP database.
You will also use Netscape Console to establish a user for whom a certificate will be issued.
In your second role, you will act as an end-entity requesting a certificate using
the automatic user enrollment form.
To accomplish this you will use Netscape Console on your system and one
browser window to get the certificate.
Read the following steps. You can perform each step on your system as you read it,
or read all the steps first and then perform the operations.
Step 1
Use Netscape Console to establish and configure the authentication manager plugin as demonstrated below.
Figure 6.9
Configuration Values For Authentication Instance Editor
| Config Parameter | Value |
|---|---|
| dnpattern | E=$attr.mail, CN=$attr.cn, O=$dn.c |
| ldapStringAttributes | mail, mailalternateaddress |
| ldapByteAttributes | <leave blank> |
| ldap.ldapconn.host | smith.mcom.com <machineName.your_domain.domain> |
| ldap.ldapconn.port | 389 <If you installed your Directory Server with a different port, use that port number> |
| ldap.ldapconn.secureConn | false <Specifies whether the port to the directory is HTTP (false) or HTTPS (true).> |
| ldap.ldapconn.version | 3 <specifies the LDAP protocol version> |
| ldap.basedn | o=mcom.com <During installation of the directory server, you specified a base dn. Use that value.> |
| ldap.minConns | 2 |
| ldap.maxConns | 10 |
These values should work for a typical installation.
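To check which subject name the dnpattern value in the table produces for a given directory entry before you enroll, the following added example (not part of the original tutorial or of the CMS code) models the $attr and $dn substitutions in Python. The sample entries are constructed, and dropping a component whose source value is missing is an assumption about the plugin's behavior.

```python
import re

# Simplified model of the dnpattern syntax used in the table above:
#   TYPE=$attr.<name>  -> value of an LDAP attribute on the user's entry
#   TYPE=$dn.<name>    -> value of the RDN of that type in the entry's DN
# Assumption: a component whose source value is missing is omitted.
_COMPONENT = re.compile(r"^\s*(\w+)\s*=\s*\$(attr|dn)\.([\w-]+)\s*$")


def parse_rdns(entry_dn):
    """Split a DN into (type, value) pairs; escaped commas are not handled."""
    pairs = []
    for rdn in entry_dn.split(","):
        rdn_type, _, value = rdn.partition("=")
        pairs.append((rdn_type.strip().lower(), value.strip()))
    return pairs


def expand_dnpattern(pattern, entry_dn, attrs):
    """Return (subject_dn, skipped_components) for one directory entry."""
    attrs = {k.lower(): v for k, v in attrs.items()}
    rdns = parse_rdns(entry_dn)
    parts, skipped = [], []
    for component in pattern.split(","):
        m = _COMPONENT.match(component)
        if not m:
            raise ValueError("unsupported component: %r" % component)
        avatype, source, name = m.group(1), m.group(2), m.group(3).lower()
        if source == "attr":
            values = attrs.get(name, [])
            value = values[0] if values else None
        else:
            value = next((v for t, v in rdns if t == name), None)
        if value:
            parts.append("%s=%s" % (avatype, value))
        else:
            skipped.append(component.strip())
    return ", ".join(parts), skipped


# Constructed sample entries (not from the original page).
PATTERN = "E=$attr.mail, CN=$attr.cn, O=$dn.c"
ATTRS = {"mail": ["jdoe@mcom.com"], "cn": ["Jane Doe"]}
DN_NO_C = "uid=jdoe, ou=People, o=mcom.com"
DN_WITH_C = "uid=jdoe, ou=People, o=mcom.com, c=US"

if __name__ == "__main__":
    for dn in (DN_NO_C, DN_WITH_C):
        print(dn, "->", expand_dnpattern(PATTERN, dn, ATTRS))
```

An entry DN without a c component, such as the first constructed one under the base DN o=mcom.com, leaves O=$dn.c unresolved, so under this model the subject name carries only E and CN.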
Step 2
You must add a user for whom a certificate will be automatically issued.
There are a variety of ways to do this, but for this exercise you will
use Netscape Console as shown below.
Figure 6.10
Step 3
Start a Navigator window and connect to the end-entity port as described
in the Manual Enrollment section.
Once you are connected, request a certificate
through the Directory-based enrollment process as demonstrated below.
Note that you may have to go through the process of accepting the CMS4
server's certificate in order to get to the enrollment form.
Figure 6.11
This concludes this exercise.