SSL uses X.509 certificates to authenticate the communicating endpoints and to establish the keys that encrypt the traffic between them.
Ensure that the certificate directory /usr/local/nxdrv/keys stays protected. The installation program sets restrictive file permissions on this directory; verify that they have not been loosened afterwards, because the private keys stored there are what the peers ultimately trust.
The Driver Shim and the Identity Manager engine communicate through SSL using a certificate created in the Identity Vault and retrieved by the driver shim during the installation process. For more information on this certificate and how to renew or install third-party certificates, refer to the Identity Manager Administration Guide.
The Embedded Remote Loader web interface uses a dynamically generated, self-signed certificate for SSL communication. The details of this certificate are as follows:

Table 8-1 Security Certificate Details (Embedded Remote Loader)

| Property Name | Values / Parameters |
|---|---|
| Subject | SSL Server |
| Issuer | SSL Server |
| Validity | 1 year |
| Serial Number | 0 |
| Key | 1024-bit RSA |

Because subject and issuer are identical, no external CA vouches for this certificate; a browser or other client trusts it only by accepting it explicitly. Note also that a 1024-bit RSA key and a serial number of 0 fall short of current certificate practice: NIST SP 800-131A deprecates RSA keys shorter than 2048 bits, RFC 5280 requires a positive serial number, and TLS stacks running at a modern security level (for example OpenSSL security level 2) reject RSA keys below 2048 bits. Expect clients that enforce these rules to refuse the connection.
This certificate is renewed automatically every time the driver shim is restarted on the connected platform. Because each restart produces a new self-signed certificate, a browser exception or a stored fingerprint that matched the previous certificate no longer matches and must be accepted again.
If you have configured the Driver Shim to provide remote NIS or NIS+ clients with password publishing, a certificate is generated during installation for SSL authorization and communication. This certificate is a self-signed certificate authority (CA) certificate; the client certificates described below are issued under it. It has the following properties:

Table 8-2 Security Certificate Details (Driver Shim)

| Property Name | Values / Parameters |
|---|---|
| Subject | soap api certificate authority |
| Issuer | soap api certificate authority |
| Validity | 10 years |
| Serial Number | 0 |
| Key | 4096-bit RSA |

The private key of this CA certificate is what the client-authorization scheme rests on: whoever holds it can issue client certificates that the Driver Shim accepts. This is the main reason /usr/local/nxdrv/keys must remain readable only by the driver.
These properties can be configured and renewed at any time. For information on how to configure these properties, refer to Section C.2, The Remote Publisher Configuration File.
When remote NIS or NIS+ clients are configured to publish passwords, they retrieve a certificate from the Driver Shim and use it for SSL communication and client authorization. The client certificates contain the following properties:

Table 8-3 Security Certificate Details (NIS or NIS+ clients)

| Property Name | Values / Parameters |
|---|---|
| Subject | soap api client |
| Issuer | soap api certificate authority |
| Validity | 2 years |
| Serial Number | Starts at 1000 |
| Key | 2048-bit RSA |

Every client certificate carries the same subject, "soap api client", so the serial number is the only field that tells one client's certificate from another's; record which serial was issued to which host. Client certificates expire after two years while the CA certificate lasts ten, so plan to reissue client certificates well before they expire.
For more information on how to configure these certificate properties, refer to Section C.2, The Remote Publisher Configuration File.
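As an added example that is not part of the Identity Manager documentation or product, the following POSIX shell script checks certificate files against the properties listed in Tables 8-1 through 8-3 (key size, self-signed subject/issuer, serial number, remaining validity) and checks a key directory the way the note on /usr/local/nxdrv/keys asks. It builds constructed self-signed certificates with openssl in a temporary directory that stands in for the key directory; the file names, the 2048-bit key floor and the 30-day expiry threshold are assumptions of this example, not product settings.

```shell
#!/bin/sh
# Added example (not Identity Manager code): audit certificates and the
# key directory described in Tables 8-1 to 8-3. File names under $WORK,
# MIN_KEY_BITS and MIN_DAYS are assumptions made for this example.
set -eu

MIN_KEY_BITS=2048   # NIST SP 800-131A: RSA keys below 2048 bits are deprecated
MIN_DAYS=30         # warn when less than this much validity remains

WORK="${TMPDIR:-/tmp}/nxdrv-cert-audit.$$"
mkdir -p "$WORK" && chmod 700 "$WORK"   # stands in for /usr/local/nxdrv/keys
trap 'rm -rf "$WORK"' EXIT

# Constructed self-signed certificates shaped like the ones in the tables:
# the Embedded Remote Loader cert (1024-bit RSA, serial 0, 1 year) and the
# Driver Shim CA cert (4096-bit RSA, 10 years).
make_selfsigned() {   # name subject bits days [extra "openssl req" args]
  name=$1; subject=$2; bits=$3; days=$4; shift 4
  openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days "$days" \
    -subj "/CN=$subject" -keyout "$WORK/$name.key" -out "$WORK/$name.pem" \
    "$@" 2>/dev/null
}
make_selfsigned erl  "SSL Server"                     1024 365  -set_serial 0
make_selfsigned shim "soap api certificate authority" 4096 3650

# --- checks ---------------------------------------------------------------

cert_field() {         # file option -> value, e.g. cert_field c.pem subject
  openssl x509 -in "$1" -noout "-$2" | sed 's/^[^=]*= *//'
}
cert_key_bits() {      # file -> RSA modulus size in bits
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}
cert_is_selfsigned() { # subject == issuer, as in all three tables
  [ "$(cert_field "$1" subject)" = "$(cert_field "$1" issuer)" ]
}
cert_serial_is_zero() { # RFC 5280 4.1.2.2 requires a positive serial number
  [ -z "$(cert_field "$1" serial | tr -d 0)" ]
}
cert_valid_for_days() { # file days -> true if it does not expire within N days
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}
dir_is_private() {     # true if group and other have no access (mode ?00)
  case "$(ls -ld "$1" | cut -c1-10)" in d???------) return 0 ;; *) return 1 ;; esac
}

# audit_cert file: prints one line per finding; exit status = number of findings
audit_cert() {
  n=0
  bits=$(cert_key_bits "$1")
  if [ "$bits" -lt "$MIN_KEY_BITS" ]; then
    echo "WEAK-KEY    $1: RSA $bits bits (< $MIN_KEY_BITS)"; n=$((n + 1)); fi
  if cert_serial_is_zero "$1"; then
    echo "ZERO-SERIAL $1: serial 0 violates RFC 5280; strict clients reject it"; n=$((n + 1)); fi
  if ! cert_valid_for_days "$1" "$MIN_DAYS"; then
    echo "EXPIRING    $1: fewer than $MIN_DAYS days of validity left"; n=$((n + 1)); fi
  if cert_is_selfsigned "$1"; then
    echo "INFO        $1: self-signed; peers must trust this exact certificate"; fi
  return "$n"
}

# Demo run ("|| true" keeps set -e from stopping on findings).
for c in erl shim; do audit_cert "$WORK/$c.pem" || true; done
if dir_is_private "$WORK"; then echo "OK          $WORK is mode 700"; else echo "OPEN        $WORK"; fi
```

To audit the real installation, point audit_cert at the PEM files under /usr/local/nxdrv/keys and dir_is_private at that directory. To inspect the certificate the Embedded Remote Loader web interface actually serves rather than a file, feed the output of `openssl s_client -connect host:port </dev/null` through `openssl x509` first; the host and port are whatever the interface listens on, which this page does not state.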