Lenovo RD220 User Guide - Page 45
Secure Web server and secure LDAP, SSL certificate overview, SSL Client Configuration for LDAP Client
UPC - 884942047961
View all Lenovo RD220 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 45 highlights
a. Disable the SSL client. Use the SSL Client Configuration for LDAP Client area on the Security page. b. Generate or import a certificate. Use the SSL Client Certificate Management area on the Security page (see "SSL client certificate management" on page 43). c. Import one or more trusted certificates. Use the SSL Client Trusted Certificate Management area on the Security page (see "SSL client trusted certificate management" on page 43). d. Enable the SSL client. Use the SSL Client Configuration for LDAP Client area on the Security page (see "Enabling SSL for the LDAP client" on page 44). 3. Restart the IMM for SSL server configuration changes to take effect. For more information, see "Restarting IMM" on page 47. Note: Changes to the SSL client configuration take effect immediately and do not require a restart of the IMM. Secure Web server and secure LDAP Secure Sockets Layer (SSL) is a security protocol that provides communication privacy. SSL enables client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. You can configure the IMM to use SSL support for two types of connections: secure server (HTTPS) and secure LDAP connection (LDAPS). The IMM takes on the role of SSL client or SSL server depending on the type of connection. The following table shows that the IMM acts as an SSL server for secure Web server connections. The IMM acts as an SSL client for secure LDAP connections. Table 5. IMM SSL connection support Connection type SSL client Secure Web server Web browser of the user (HTTPS) (For example: Microsoft Internet Explorer) Secure LDAP IMM LDAP client connection (LDAPS) SSL server IMM Web server An LDAP server You can view or change the SSL settings from the Security page. You can enable or disable SSL and manage the certificates that are required for SSL. SSL certificate overview You can use SSL with either a self-signed certificate or with a certificate that is signed by a third-party certificate authority. Using a self-signed certificate is the simplest method for using SSL, but it does create a small security risk. The risk arises because the SSL client has no way of validating the identity of the SSL server for the first connection that is attempted between the client and server. It is possible that a third party might impersonate the server and intercept data that is flowing between the IMM and the Web browser. If, at the time of the initial connection between the browser and the IMM, the self-signed certificate is imported into the certificate store of the browser, all future communications will be secure for that browser (assuming that the initial connection was not compromised by an attack). For more complete security, you can use a certificate that is signed by a certificate authority. To obtain a signed certificate, use the SSL Certificate Management page Chapter 3. Configuring the IMM 39