webmaster
2014-03-04 15:57:24 UTC
A page in your DokuWiki was added or changed. Here are the details:
Date : 2014/03/04 16:57
Browser : Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0
IP-Address : 88.173.78.196
Hostname : mne69-10-88-173-78-196.fbx.proxad.net
Old Revision: http://lsc-project.org/wiki/documentation/2.0/howtos/ssltls?rev=1384370003
New Revision: http://lsc-project.org/wiki/documentation/2.0/howtos/ssltls
Edit Summary: removed
User : coudot
@@ -1,79 +1 @@
- ====== SSL and TLS activation ======
-
- LSC can encrypt communication with a LDAP server, using either the StartTLS operation (on standard LDAP port, 389) or via SSL (on a specific port, 636).
-
- ===== Configuring LSC =====
-
- ==== TLS (StartTLS operation) ====
-
- You can use the startTLS extended operation to secure a connection on the standard 389 port. This feature is available since LSC 1.1.0.
-
- To enable TLS on the LDAP connection, set the following node in //lsc.xml//:
- <code xml>
- <connection>
- <.../>
- <tlsActivated>true</tlsActivated>
- </connection>
- </code>
-
-
- ==== SSL ====
-
- You can use SSL to create a secure tunnel. This implies to use ldaps:%%/%%/ URI in lsc.xml:
-
- <code xml>
- <connection>
- <.../>
- <url>ldaps://localhost/</url>
- </connection>
- </code>
-
- ===== Trusting the certificate =====
-
- Choose one of the two options below to get your server's certificate trusted.
-
- ==== Global use: LSC will use system-wide JVM Truststore ====
-
- First step, add the CA certificate (which signed the LDAP server certificate) in the JVM running LSC.
-
- This tutorial is written from http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html#CLIENT
-
- First, go to the security folder of your JVM installation:
- <code>
- cd $JAVA_HOME/jre/lib/security/
- </code>
-
- Then import the CA certificate (we suppose it is in a file named cacert.pem):
- <code>
- ../../bin/keytool -import -file /path/to/cacert.pem -keystore jssecacerts
- </code>
-
- ==== Specific use: LSC will use its own truststore ====
-
- This is exactly the same procedure as described above. But, at the end, LSC will use its own truststore instead of the system-wide JVM truststore.
-
- First step, copy the JVM truststore to your LSC installation:
- <code>
- cp $JAVA_HOME/jre/lib/security/cacerts /usr/local/lsc/etc
- </code>
-
- Then import the new certificate into this truststore:
- <code>
- $JAVA_HOME/bin/keytool -import -file /path/to/certificate.pem \
- -keystore /usr/local/lsc/etc/cacerts
- </code>
-
- Now, edit the shell script that launches LSC synchronization tasks. We suppose this is /usr/local/lsc/bin/lsc. Replace the following line:
-
- <code>
- $JAVA_HOME/bin/java -cp $CLASSPATH org.lsc.Launcher $*
- </code>
-
- by this line:
- <code>
- $JAVA_HOME/bin/java -cp $CLASSPATH \
- -Djavax.net.ssl.trustStore=$CFG_DIR/cacerts \
- -Djavax.net.ssl.trustStorePassword=changeit \
- org.lsc.Launcher $*
- </code>
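Review bot: The header `@@ -1,79 +1 @@` together with the edit summary "removed" shows the whole SSL/TLS howto being deleted, and no replacement line is visible in this notification, so anyone following the 2.0 howto link loses the StartTLS, ldaps and truststore instructions with no pointer to where they now live. Suggest leaving a one-line link to the new location on the page, or stating in the edit summary why the content was dropped. If the text is being moved rather than retired, two points in the removed lines are worth fixing on the way: the truststore is copied to `/usr/local/lsc/etc/cacerts` but the launcher line reads it from `$CFG_DIR/cacerts`, and `$CFG_DIR` is never defined on the page; and the launcher passes `-Djavax.net.ssl.trustStorePassword=changeit` on the java command line, where it is visible to other local users in the process list.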
--
This mail was generated by DokuWiki at
http://lsc-project.org/wiki/