Use the following information if you are using eDirectory or iPlanet as your LDAP server. Instructions specific to each directory are included. Make sure you complete the instructions before installing Caldera Volution Manager Clients.
Use the following instructions to complete the eDirectory configuration for SSL communication.
Install and configure eDirectory as documented.
When you install Volution Manager, select eDirectory for the LDAP directory.
Copy the Certificate Authority (CA) certificate from /etc/opt/volution/cacerts to the system you are installing eDirectory on. This file is named volution-authority.cert.
Before starting ConsoleOne, make sure that npki is enabled, by entering the following command as root:
/usr/sbin/npki -l
ConsoleOne is now ready to handle certificates.
Important: Use the following directions to use eDirectory with its own Certificate Authority in addition to the Volution Certificate Authority.
In ConsoleOne, locate and select the Security container at the root of the NDS tree.
Create an NDSPKI: Certificate Authority object in the Security container.
Set the NDS object name to the name for this Certificate Authority.
Select Custom and Next to continue.
Set the Key size to 512 bits.
Leave the Type set to Certificate Authority.
Select Next to continue.
Set Path length to Unspecified and Next to continue.
Leave the Subject Name as is.
Select RSA encryption with MD5 hash for the Signature algorithm.
Set the Validity period to the length you want.
Select Next to continue.
Review the information and select Finish.
Select the newly created Certificate Authority and open the object.
Select the Certificates tab.
On the Certificates tab, select the Self Signed Certificate from the popdown menu.
Click Export.
Select "File in Base64 format."
Enter a path to save the file and add the extension .cacert to the filename, for example /root/eDirectory.cacert.
Important: The following step is critical for VM Clients to communicate with the VM Server.
Copy the eDirectory.cacert to each client's /etc/opt/volution/cacert directory.
Important: This step is necessary for the Volution Manager Server and Client components to authenticate to eDirectory using SSL.
Important: Use the following directions as well as the previous section, Section A.1.1.1, if you are using eDirectory with its own Certificate Authority in addition to the Volution Certificate Authority.
Use the following steps to create an NDSPKI: Key Material object in the organizational unit that contains the eDirectory server object.
Select the organization or organizational unit that contains your server object.
Right click on the name of this organization or organizational unit.
Select New > Object > NDSPKI: Key Material Object.
Choose the server from the list.
Give the Key Material (certificate) object a name.
Select Custom and Next to continue.
Select Organizational certificate authority and Next to continue.
Select 512 bits for the key size.
Leave the Type set to SSL or TLS.
Select Next to continue.
Leave the Subject Name as is.
Set the Signature algorithm to RSA encryption with MD5 hash.
Set Validity period to the length you want.
Select Next to continue.
Select "Your organization's certificates" as the trusted root certificate and Next to continue.
Review the information you entered and select Finish.
Locate the LDAP Server object in NDS.
Select the SSL Configuration tab and click the browse button at the end of the SSL Certificate field.
Select the NDSPKI: Key object you created in the above steps.
Select OK to save the changes and Done to finish.
eDirectory is now configured to use SSL for LDAP.
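The following is an added example, not part of the original guide or of Volution Manager: it reads a certificate exported in Base64 format, such as /root/eDirectory.cacert, and reports the RSA key size and whether the signature uses MD5, the two values chosen in the wizard steps above. The 2048-bit floor and all function names are assumptions, and the sample certificate is a constructed, unsigned structure.

```python
import base64

MD5_RSA = bytes.fromhex("2a864886f70d010104")   # OID of md5WithRSAEncryption
MIN_RSA_BITS = 2048                               # assumed policy floor, not from the guide

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                             # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def items(body):                                  # split SEQUENCE contents into (tag, value) pairs
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def audit_cert(pem_text):
    """Return (rsa_key_bits, findings) for one Base64 X.509 certificate with an RSA key."""
    b64 = "".join(l.strip() for l in pem_text.splitlines() if not l.startswith("-----"))
    tbs, sig_alg, _sig = items(read_tlv(base64.b64decode(b64))[1])
    fields = items(tbs[1])
    if fields[0][0] == 0xA0:                      # drop the optional [0] version field
        fields = fields[1:]
    spki = items(fields[5][1])                    # serial, sigalg, issuer, validity, subject, SPKI
    rsa_key = items(read_tlv(spki[1][1][1:])[1])  # BIT STRING payload after its unused-bits octet
    bits = int.from_bytes(rsa_key[0][1], "big").bit_length()
    findings = [f"RSA key is only {bits} bits"] if bits < MIN_RSA_BITS else []
    if items(sig_alg[1])[0][1] == MD5_RSA:
        findings.append("signature algorithm uses MD5")
    return bits, findings

def der(tag, *parts):                             # tiny DER encoder, used only for the sample
    body = b"".join(parts)
    size = bytes([len(body)]) if len(body) < 128 else b"\x81" + bytes([len(body)])
    return bytes([tag]) + size + body

def constructed_sample():
    """Constructed, unsigned structure shaped like a 512-bit, MD5-signed certificate."""
    alg = der(0x30, der(0x06, MD5_RSA), der(0x05))
    rsa_alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")), der(0x05))
    key = der(0x30, der(0x02, b"\x00" + b"\xc3" * 64), der(0x02, b"\x01\x00\x01"))
    spki = der(0x30, rsa_alg, der(0x03, b"\x00", key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), alg, der(0x30), der(0x30), der(0x30), spki)
    cert = der(0x30, tbs, alg, der(0x03, b"\x00" * 65))
    return "-----BEGIN CERTIFICATE-----\n" + base64.b64encode(cert).decode() + "\n-----END CERTIFICATE-----\n"
```

To audit a real export, pass the file's text to audit_cert, for example audit_cert(open("/root/eDirectory.cacert").read()).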
Use the following instructions to complete the iPlanet configuration for SSL communication.
Install iPlanet 4.13 on OpenLinux 2.4 and create a symbolic link from /usr/lib/libtermcap.so.2 to /lib/libncurses.so.5.2 by entering the following:
ln -s /lib/libncurses.so.4.2 /usr/lib/libtermcap.so.2
During the Volution Manager Server installation, select iPlanet as the LDAP directory.
Copy the Certificate Authority certificate from /etc/opt/volution/cacerts to the system you are installing iPlanet on. The filename is volution-authority.cert.
Start the iPlanet console. See Section 1.1.1.5.3.
In the iPlanet Console, expand the container, yourserver.yourcompany.com and then expand the container, Server Group.
Click on Directory Server and then click the Open button.
Select the Configuration tab and then Encryption tab.
Click the Enable SSL checkbox.
Select the RSA checkbox under Cipher Family.
Select the Certificate Setup Wizard.
Read the instructions > Next.
Under Option 1 select internal (software).
Under Option 2 select Yes and click Next.
Read the instructions and click Next.
Select Next if asked to setup a Trust database.
Enter a password for the Netscape Trust Database and click Next.
Select Trusted Certificate Authority > Next.
Select "The certificate is located in this file:" and type in the full path to the Volution Manager CA certificate you copied from /etc/opt/volution/cacerts to the system you are installing iPlanet on. The filename is volution-authority.cacert.
Verify that the information from the certificate is correct and select Add to add this certificate.
Select Done to finish.
Select the Certificate Setup Wizard.
Read the instructions > Next.
Under Option 1 select internal (software).
Under Option 2 select No > Next.
Fill out information for generating the Certificate Request > Next.
Enter your Trust Database password (it should already be filled in) > Next.
An email should arrive containing the certificate request. Save the request to a file.
Sign the certificate request on the system you installed the VM Server on by running the following command:
/opt/volution/bin/volutionkeytool cert request
Enter the path to the X509 request file generated in the previous section.
Enter the path to the directory where you stored the Volution Manager Authority Key during installation. The default for this location is a floppy.
Enter the alias for the certificate authority or accept the default.
Enter the CA Key password you specified during installation.
Save the signed certificate to a file and copy it back to the system you have iPlanet installed on.
Select the Certificate Setup Wizard.
Read the instructions > Next.
Under Option 1 select internal (software).
Under Option 2 select Yes > Next.
Read the instructions > Next.
Select to install a certificate for this server and enter the password for the Netscape Trust Database > Next.
Select "The certificate is located in this file:" and type in the full path to the file containing the signed certificate > Next.
Verify that the information from the certificate is correct and select Add to add this certificate.
Read the message > Done to finish.
Select Save to save the changes in the Encryption setup.
Stop iPlanet by doing the following:
Change to the directory where iPlanet is installed.
The default location is /usr/netscape/server4.
Type the following:
slapd-servername/stop-slapd
Start iPlanet by doing the following:
Change to the directory where iPlanet is installed.
The default location is /usr/netscape/server4.
Type the following:
slapd-servername/start-slapd
Enter the PIN for the internal software token. This is the Netscape Trust Database password.
Note: If you want to manage the Volution Manager Server as a client, you must restart volutiond on the Server. The computer object for the Server will now appear in the computers organizational unit in the Management Console.
iPlanet is now configured to use SSL.