Advanced Certificate Information

This section contains information about the authentication certificates used by each of the NNLS components.


Apache

The Apache Web server that is installed with NNLS is not configured as an LDAP client by default. The /etc/opt/novell/httpd/conf/httpd.conf file contains an LDAP section toward the end that has been commented out. You can uncomment and edit this section to turn on LDAP authentication and configure its settings. The file can point to either a .B64 or .DER certificate for server authentication.

To enable HTTPS connectivity, the NNLS install creates a default certificate using OpenSSL and adds it to the JVM keystore (using keytool) for Tomcat to use.


eGuide

eGuide uses the same basic mechanisms as iManager, except that it doesn't retrieve a certificate from the server if a certificate isn't found in the keystore.


iFolder

Novell iFolder can use either no SSL or SSL with server authentication. For more information on iFolder certificate management, see the Novell iFolder 2.1 Installation and Administration Guide.


iManager and Virtual Office

Virtual Office requires that iManager is installed and configured. Both products use LDAP over SSL, meaning that all communications with the LDAP server are encrypted.

However, if server authentication is not configured, iManager retrieves a certificate from the server and then uses that certificate for encryption.

If server authentication is configured, the administrator can add the server's exported certificate to the JVM CACerts keystore using the Java keytool utility.


iPrint

iPrint is not configured by default to require user authentication. This can be changed using iManager. For more information, see "Setting Up a Secure Printing Environment" in the Novell iPrint Administration Guide for Novell Nterprise Linux Services.


Linux User Management (LUM)

LUM looks for certificates in /var/nam. The certificates are named IP.cer or DNS.der where IP and DNS represent the IP address and DNS name of the server, respectively.

LUM automatically retrieves a certificate if one is not supplied.

You can edit the /etc/nam.conf file to change the name of the certificate file or the location to another directory on the file system. LUM uses .der files.


NetMail

NetMail uses eDirectory running on the same server for user authentication.


Samba

Because Samba uses OpenLDAP, certificate management uses the OpenLDAP certificate management features.

During the NNLS install for Samba, you are asked for the location of a .B64 certificate. Unless you are installing the first server of a new eDirectory tree and you plan to use its LDAP server for user authentication, you must specify the certificate location.

IMPORTANT:  The certificate filename must not contain spaces.

If you specify a certificate location, the certificate is copied to /etc/ssl and the /etc/opt/novell/openldap/ldap.conf file is modified to point to the certificate and to use SSL with server authentication.

After the installation is completed, you can edit the ldap.conf file either to not use SSL or to point to another certificate received from an external CA.
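The Samba install takes a .B64 certificate whose filename must not contain spaces, while LUM uses .der files and retrieves one automatically if none is supplied. The following check is an added example, not part of NNLS: it classifies a certificate file as B64 or DER, applies the filename rule, and computes a SHA-256 fingerprint of the DER bytes so that a retrieved copy can be compared with the certificate exported from the CA. It assumes the .B64 file carries the usual BEGIN/END CERTIFICATE lines; the function names, filenames and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_total_length(data):
    """Return the encoded length of the outer DER SEQUENCE, or None if malformed."""
    if len(data) < 2 or data[0] != 0x30:      # a certificate is an ASN.1 SEQUENCE
        return None
    first = data[1]
    if first < 0x80:                          # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                          # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def inspect_certificate(filename, content):
    """Classify a certificate file as B64 or DER and fingerprint its DER bytes."""
    problems = []
    if " " in filename:                       # rule stated for the Samba install
        problems.append("filename contains spaces")
    match = PEM_RE.search(content)
    if match:
        fmt = "B64"
        try:
            der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
        except ValueError:
            der = b""
            problems.append("invalid base64 body")
    else:
        fmt, der = "DER", content
    if der_total_length(der) != len(der):     # truncated file or trailing data
        problems.append("not a single well-formed DER SEQUENCE")
    return {"format": fmt, "sha256": hashlib.sha256(der).hexdigest(),
            "problems": problems}


# Constructed sample: a DER-shaped placeholder (SEQUENCE of 256 zero bytes), not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_B64 = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in [("server cert.b64", SAMPLE_B64), ("10.0.0.5.der", SAMPLE_DER)]:
        print(name, inspect_certificate(name, blob))
```

The two encodings of the same certificate produce the same fingerprint, so a mismatch between the file in /var/nam and the CA's export means the two are not the same certificate.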