8.5 Driver Security Certificates

SSL uses security certificates to control, encrypt, and authenticate communications.

Ensure that the security certificate directory /usr/local/nxdrv/keys is appropriately protected. The installation program sets secure file permissions for this directory.

The Driver Shim and the Identity Manager engine communicate through SSL using a certificate created in the Identity Vault and retrieved by the driver shim during the installation process. For more information on this certificate and how to renew or install third-party certificates, refer to the Identity Manager Administration Guide.

The Embedded Remote Loader web interface uses a dynamically generated, self-signed certificate for SSL communication. The details of this certificate are as follows:

Renewal of this certificate automatically occurs every time the driver shim is restarted on the connected platform.

If you have configured your Driver Shim to provide remote NIS or NIS+ clients with password publishing, a certificate is generated during installation for SSL authorization and communication. This certificate is a self-signed certificate authority with the following certificate properties:

These properties can be configured and renewed at any time. For information on how to configure these properties, refer to Section C.2, The Remote Publisher Configuration File.

When remote NIS or NIS+ clients are configured to publish passwords, they retrieve a certificate from the Driver Shim and use this for SSL communication and client authorization. The client certificates contain the following certificate properties:

For more information on how to configure these certificate properties, refer to Section C.2, The Remote Publisher Configuration File.