Configure the SSL Simple (SSL+External) connection for SunOne Directory Server

1. Open XCA and create the CA
1.1 Create a new database and name it certs.
1.2 Enter the password that protects this database; the password is 12345678.
1.3 Move to the Certificates tab and click the New Certificate button on the left.
1.4 A window named Create x509 Certificate will appear.
1.5 Click the Source tab in this window.
1.5.1 Template for the new certificate: [Default] CA
1.5.2 Signing -> Create a self signed certificate with the serial: 1
1.6 Click the Subject tab.
1.6.1 organizationName: Example
1.6.2 organizationUnitName: Engineer. Please note that on the directory server
the entry ou=Engineer,o=techlogy,dc=example,dc=com already existed before these two values were entered.
1.6.3 Click the Generate a new key button at the bottom right and
enter the name of the new key as certkey.
1.6.4 Internal name: Cacert
1.7 Click the Extensions tab and select Type "Certification Authority".
2. Generate the SSL certificate request on the SunOne Directory Server side
2.1 Open the SunOne Directory Server management console.
2.2 Click the Tasks tab and then click the Manage Certificates button.
2.3 Click Request... --> check Request certificate manually --> Next
2.4 The Certificate Request Wizard will appear.
2.4.1 Server name: the host name, such as VM-AD-SUN-HENRY.example.com
2.4.2 Leave the other items empty, such as Organization,
Organization Unit, City/Local, State/Province, Country/Region.
2.5 A warning window will appear: Empty Fields - One or more fields are empty...
Do you want to continue? --> Click Yes
2.6 Enter the password to access the token; set the password value to "example1234".
2.7 Click the "Save to file" button to save the certificate request;
keep the default name server.req.
2.8 Remove the empty line from the server.req file.
3. Import server.req into XCA and sign it
3.1 Open XCA and move to the Certificate signing requests tab.
3.2 Click the "Import" button on the right.
3.3 Select the server certificate request, right-click it and then click "Sign".
3.4 Use this Certificate for Signing: select Cacert
3.5 Signature algorithm: SHA1
3.6 Template for the new certificate: [Default] HTTPS_server
4. Generate the client certificate for SSL+External (this step can be skipped when configuring SSL+Simple)
4.1 Open XCA and go to the Certificates tab.
4.2 Click the "New Certificate" button on the right.
4.3 The "Create X509 Certificate" window will appear.
4.3.1 Go to the Source tab
Signing --> check "Use this Certificate for signing" --> Cacert
Signature algorithm --> SHA1
Template for the new certificate --> [Default] HTTPS_Client
4.3.2 Go to the Subject tab
4.3.2.1 Internal name: clientcert
4.3.2.2 Generate a new key: clientcertkey
Keytype: RSA
Keysize: 1024 bit
4.3.2.3 Add the information below for the user DN cn=admin,ou=administrators,ou=toplogymanagement,o=netscaperoot
Type                  Content
organizationName      netscaperoot
organizationUnitName  toplogymanagement
organizationUnitName  administrators
commonName            admin
Please note that these items must be entered in exactly this order, because the order of the subject attributes determines the resulting DN.
4.3.3 Leave the other items at their defaults.

5. Export the signed certificates
5.1 Export the Cacert certificate:
5.1.1 Right-click Cacert --> Export --> File
5.1.2 Filename: Cacert.crt
Export Format: PEM
5.1.3 Filename: Cacert.cer
Export Format: DER
5.2 Export the client certificate:
5.2.1 Right-click clientcert --> Export --> File
5.2.2 Filename: clientcert.p12
Export Format: PKCS#12
Enter the password to encrypt the PKCS#12 file: example2012go!
5.3 Export the server certificate:
5.3.1 Right-click the server certificate (VM-AD-SUN-HENRY.example.com) --> Export --> File
5.3.2 Filename: VM-AD-SUN-HENRY.example.com.crt
Export Format: PEM
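Two of the steps above are about file format rather than the GUI: step 2.8 strips the stray empty line that breaks the PEM request before XCA will import it, and steps 5.1.2/5.1.3 export the same CA certificate once as PEM (.crt) and once as DER (.cer). The script below is an added example and is not part of the original page or of XCA or the directory server; it is a small PEM/DER parser that does the step 2.8 clean-up automatically, converts between the two export forms, and checks that the decoded body is a well-formed DER object (a CSR or certificate always starts with one outer SEQUENCE whose declared length must match the bytes present, so a truncated or garbled copy is caught before it reaches the CA). The page does not show which BEGIN/END label the directory console writes into server.req, so the parser reads the label from the armor line instead of assuming one. The sample input is a constructed five-byte SEQUENCE with blank lines and CRLF endings, not a real request.

```python
import base64
import re

ARMOR_RE = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")


def pem_to_der(text):
    """Return (label, der_bytes) for the first PEM block in text.

    Blank lines and CRLF line endings inside or around the block are
    tolerated and dropped, which is what step 2.8 does by hand on
    server.req. The armor label is taken from the BEGIN line because the
    page does not show which label the directory console writes.
    """
    label, body, inside = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ARMOR_RE.match(line)
        if m and m.group(1) == "BEGIN" and not inside:
            label, inside = m.group(2), True
            continue
        if m and m.group(1) == "END" and inside:
            if m.group(2) != label:
                raise ValueError("BEGIN/END labels do not match")
            b64 = "".join(body)
            if not re.fullmatch(r"[A-Za-z0-9+/]*={0,2}", b64):
                raise ValueError("non-base64 characters inside the PEM block")
            der = base64.b64decode(b64, validate=True)
            der_payload_length(der)          # raises on a truncated/garbled body
            return label, der
        if inside and line:                  # empty lines are simply skipped
            body.append(line)
    raise ValueError("no complete PEM block found")


def der_payload_length(der):
    """Check the outer ASN.1 SEQUENCE that every CSR and X.509 certificate
    starts with, and return its declared content length.

    A definite length that does not match the bytes actually present means
    the file was truncated or has trailing junk, the usual symptom when a
    request is copied through an editor.
    """
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("DER does not start with a SEQUENCE tag (0x30)")
    first = der[1]
    if first < 0x80:                         # short form: one length byte
        length, header = first, 2
    else:                                    # long form: 0x8N then N length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("unsupported or truncated DER length encoding")
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if header + length != len(der):
        raise ValueError(
            f"declared length {length} but {len(der) - header} bytes follow "
            "(truncated or trailing data)")
    return length


def der_to_pem(der, label):
    """Armor DER as PEM: 64-column base64 lines and no blank lines (the .crt
    form of step 5.1.2; the .cer form of step 5.1.3 is the raw DER bytes)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def normalize_pem(text):
    """Rewrite a PEM file in canonical form, dropping the stray blank lines."""
    label, der = pem_to_der(text)
    return der_to_pem(der, label)


def der_sequence(payload):
    """Build a DER SEQUENCE around payload (used here only to construct sample data)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(nb)]) + nb
    return b"\x30" + length + payload


# Constructed sample: a 5-byte SEQUENCE { INTEGER 1 } stands in for a real
# request body, and the blank CRLF lines imitate the server.req problem.
SAMPLE_REQ = (
    "-----BEGIN NEW CERTIFICATE REQUEST-----\r\n"
    "\r\n"
    "MAMCAQE=\r\n"
    "\r\n"
    "-----END NEW CERTIFICATE REQUEST-----\r\n"
)

if __name__ == "__main__":
    print(normalize_pem(SAMPLE_REQ), end="")
```

Run it against the real server.req with `normalize_pem(open("server.req").read())` and write the result back before importing in step 3.2; `pem_to_der(open("Cacert.crt").read())[1]` should be byte-identical to the Cacert.cer that step 5.1.3 produced. The check is structural only: it does not look at the signature algorithm or key size chosen in steps 3.5 and 4.3.2.2, and SHA1 signatures with 1024-bit RSA keys are below the minimums (SHA-256, 2048-bit RSA) that current clients and CA policies expect.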

6. Install the signed server and CA certificates on the SunOne Directory Server
6.1 Go to the SunOne Directory Server management console.
6.2 Go to Manage Certificates --> Server Certs --> Install... --> in this local file --> Browse -->
select the full path of VM-AD-SUN-HENRY.example.com.crt
6.3 Enter the password to access the token: example1234 (this is the same password as in step 2.6)
6.4 Go to Manage Certificates --> CA Certs --> Install... --> in this local file --> Browse --> Cacert.crt
7. Generate the keystore
7.1 cd \
7.2 keytool -import -v -alias Cacert -file C:\SSL-LDAP\Sunone\SSL-Simple\192.168.80.166\Cacert.cer -keystore C:\SSL-LDAP\Sunone\SSL-Simple\192.168.80.166\CAKeyStore

8. Configure Network and Encryption for the SunOne Directory Server
8.1 LDAP Directory Server console --> Encryption tab
8.1.1 Check "Enable SSL for this server".
8.1.2 Check "Use this cipher family: RSA".
Security Device: internal (software)
Certificate: Server-Cert
8.1.3 DSML Client Authentication: HTTP Basic (use authentication in HTTP header).

8.2 Network tab
8.2.1 Check "Both secure and non secure ports".
8.2.2 Check "Enable DSML".
Check only the non secure port.
