solaris 10 SSL connections

I'm really not sure if this will help, but here are the full 
instructions I used to get this working on a clean Solaris 9 install (I 
haven't given it a shot on Solaris 10 yet).

Download the nspr and nss packages for Solaris 9 here
(http://sourceforge.net/project/showfiles.php?group_id=19386)
and install them.

Get the Sun ONE Resource Kit here:
http://www.sun.com/download/products.xml?id=3f74a0db
and install it.

Next, run these commands to set up your certificate database:

# LD_LIBRARY_PATH=/usr/lib:/usr/local/lib ; export LD_LIBRARY_PATH
# /opt/sunone/lib/nss/bin/certutil -N -d /var/ldap

Add a hosts entry to /etc/hosts for the LDAP server, ** matching the 
certificate name ** (in my case, server-cert).
You'll get this error, which will let you know the name you need to put 
in /etc/hosts (I couldn't 'pull' it from the cert in any way):

Feb 15 13:31:28 unknown sendmail[2061]: libldap: CERT_VerifyCertName: cert server name 'server-cert' does not match 'corporate-ds': SSL connection denied

Get the CA cert from the directory using these commands:

[root at corporate-ds alias]# pwd
/opt/fedora-ds/alias
[root at corporate-ds alias]# ../shared/bin/certutil -L -d . -n "CA certificate" -r > /root/cert.der

Copy it to the Solaris server, and import it with this:

# /opt/sunone/lib/nss/bin/certutil -A -n "CA certificate" -i /export/home/mmont/cert.der -t "CTu,u,u" -d /var/ldap/

Run this command to set the LDAP client settings on the machine:

# ldapclient -v manual -a authenticationMethod=tls:simple -a credentialLevel=proxy \
-a defaultSearchBase="dc=inside,dc=yourdomain,dc=com" \
-a domainName=yourdomain.com -a followReferrals=false \
-a serviceSearchDescriptor="netgroup: ou=netgroup,dc=inside,dc=yourdomain,dc=com" \
-a preferredServerList=10.5.1.18 -a serviceAuthenticationMethod=pam_ldap:tls:simple \
-a proxyPassword=blahblahblah -a proxyDn=cn=proxyagent,ou=profile,dc=inside,dc=yourdomain,dc=com

Restart ldap.client:

# /etc/init.d/ldap.client stop ; sleep 2 ; /etc/init.d/ldap.client start

That should do it. Test the settings with id, getent, or ldaplist (you must 
be root, or use sudo, to run ldaplist):

# ldaplist -l passwd yournamehere
(This should list your entry in the LDAP directory.)

I hope this helps someone, and I'm sure I'll attempt to get Solaris 10 
working at some point soon.
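The two manual steps in the post that are easiest to get wrong are reading the certificate name out of the libldap CERT_VerifyCertName denial and then adding a hosts alias for it. The POSIX shell script below is an added example, not code from the post or from Solaris/NSS: it pulls the "name in cert / name expected" pairs out of syslog text in the format quoted above, and checks a hosts file so that the alias you add maps only to the directory server's address and not to some other host (an alias that resolves elsewhere would let the TLS hostname check pass against the wrong machine). The log lines, the hosts entries, the second server name `ldap-cert` and the address `10.5.1.99` are constructed sample data.

```shell
#!/bin/sh
# Added example; all sample data below is constructed, not taken from a real system.

# Constructed syslog lines in the libldap CERT_VerifyCertName format quoted in
# the post (first line mirrors the post; the others are made up).
SAMPLE_LOG=$(cat <<'EOF'
Feb 15 13:31:28 unknown sendmail[2061]: libldap: CERT_VerifyCertName: cert server name 'server-cert' does not match 'corporate-ds': SSL connection denied
Feb 15 13:31:40 unknown nscd[311]: libldap: CERT_VerifyCertName: cert server name 'ldap-cert' does not match '10.5.1.18': SSL connection denied
Feb 15 13:32:05 unknown sshd[402]: Accepted publickey for mmont from 10.5.1.7
EOF
)

# Constructed /etc/hosts contents: one alias mapped to the directory server,
# one stale alias pointing at a different address.
SAMPLE_HOSTS=$(cat <<'EOF'
127.0.0.1   localhost
10.5.1.18   corporate-ds server-cert   # directory server; alias = cert name
10.5.1.99   ldap-cert                  # stale entry: alias on another host
EOF
)

# cert_name_mismatches: read syslog text on stdin and print one line per
# denial: "<name in the server cert> <name the client expected>".
cert_name_mismatches() {
    sed -n "s/.*CERT_VerifyCertName: cert server name '\([^']*\)' does not match '\([^']*\)'.*/\1 \2/p"
}

# first_cert_name: the certificate name from the first denial on stdin,
# i.e. the alias the post adds to /etc/hosts.
first_cert_name() {
    cert_name_mismatches | awk 'NR == 1 { print $1; exit }'
}

# hosts_alias_status HOSTS_TEXT NAME IP
# Prints "ok" if NAME resolves only to IP in HOSTS_TEXT, "missing" if NAME
# is absent, and "conflict" if any entry maps NAME to another address.
hosts_alias_status() {
    addrs=$(printf '%s\n' "$1" | sed 's/#.*//' |
        awk -v n="$2" '{ for (i = 2; i <= NF; i++) if ($i == n) print $1 }')
    if [ -z "$addrs" ]; then
        echo missing
        return 0
    fi
    for a in $addrs; do
        if [ "$a" != "$3" ]; then
            echo conflict
            return 0
        fi
    done
    echo ok
}

# Stand-alone run: for each denial, report whether the cert name already has
# a hosts alias that points only at the directory server (10.5.1.18 here).
printf '%s\n' "$SAMPLE_LOG" | cert_name_mismatches | while read -r cert expected; do
    printf 'client expected %s, cert says %s -> hosts alias %s\n' \
        "$expected" "$cert" "$(hosts_alias_status "$SAMPLE_HOSTS" "$cert" 10.5.1.18)"
done
```

Run it against real data with `cert_name_mismatches < /var/adm/messages` and `hosts_alias_status "$(cat /etc/hosts)" server-cert 10.5.1.18`; a `conflict` result means the alias would send the client somewhere other than the server whose CA cert you imported, and should be fixed before restarting ldap.client.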
