Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: AIX LDAP client authenticate against Linux Openldap server over TLS/SSL
Operating Systems AIX AIX LDAP client authenticate against Linux Openldap server over TLS/SSL Post 302958822 by agent.kgb on Monday 26th of October 2015 05:27:44 PM
Old 10-26-2015
What exactly the problem is? I neved did it with OpenLDAP, but did it with IBM Tivoli Directory Server and don't remember any problems with SSL.

On AIX side you must install crypto packages for LDAP and GSKit. Then you create a key file:
Code:
gsk7cmd -keydb -create -db /path/to/key.kdb -pw SOMEPASSWORD

and add your server certificate to the file:
Code:
gsk7cmd -cert -add -db /path/to/key.kdb -pw SOMEPASSWORD -label CertName -file /path/to/certificate.der -format binary

 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

AIX v5.3 LDAP CLIENT and AD

Has anyone successfully authenticated unix users via Active Directory using LDAP client on AIX v5.2 or v5.3?? ldapsearch from our unix box retrieves info from AD but having trouble authenticating unix id when I logon - get a msg ': 3004-318 Error obtaining the user's password information'. Not... (0 Replies)
Discussion started by: DANNYC
0 Replies

2. AIX

can not mount from aix client to linux nfs server

Hi, I am trying to mount a nfs folder from AIX client to Linux NFS Server, but I got the following error: # mount 128.127.11.121:/aix /to_be_del mount: 1831-010 server 128.127.11.121 not responding: RPC: 1832-018 Port mapper failure - RPC: 1832-008 Timed out mount: retrying... (1 Reply)
Discussion started by: victorcheung
1 Replies

3. UNIX for Dummies Questions & Answers

TLS/SSL Openldap Centos 5.5

hi guys I configured my openldap but now I want to implement SSL-TLS This is my basic slapd.conf configuration include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include ... (2 Replies)
Discussion started by: karlochacon
2 Replies

4. UNIX for Advanced & Expert Users

ldap over tls -- ssl cert help

Hey Guys, I am trying to setup ldap over tls in our lab. I am generating a self signed cert on the ldap server and importing that into the ldap system so it will use ldap over port 636. The clients will be a mix of solaris and redhat. I am lost on what I need to do on the client side to get... (0 Replies)
Discussion started by: s ladd
0 Replies

5. IP Networking

Linux Client To Authenticate using TACACS

I have customer who controls access to the internet via TACACS server, basically a PIX firewall uses authentication from the TACACS to say if traffic is allowed to pass out of the gateway. I can't find anything on how to configure a linux client of TACACS authentication only how to set up a linux... (1 Reply)
Discussion started by: metallica1973
1 Replies

6. UNIX for Advanced & Expert Users

SSL/TLS with openldap

Hello to all, I'm beguinner in Linux instalations and I'm trying to Communicate from Web Sites that i have running under apache with openLDAP for users authentication using SSL mediation that seems to be connected with LDAPS. Can someone advise me how to do this, I have already installed... (1 Reply)
Discussion started by: CPMarco
1 Replies

7. AIX

AIX 5.2 ldap client AD

I have been able to configure on an AIX 5.2 ldap.cfg so service starts correctly. but when I try to log on with a windows user after entering the password login hangs and get no response. I have set it up on Aix 5.3 with no problem but in Aix 5.2 I have not been able to log in. ldap.cfg... (1 Reply)
Discussion started by: laxtnog
1 Replies

8. AIX

How to integrate AIX Client LPAR to make use of existing MS AD LDAP ?

Hi All, Its regarding the LDAP in AIX. we already have Microsoft Active Directory (LDAP) Server. And would like to integrate My client AIX LPAR to this LDAP server. So' that we can directly use Active directory crdentials to login. (instead of creating USERs on AIX) from my AIX LPAR. ... (4 Replies)
Discussion started by: System Admin 77
4 Replies

9. Solaris

LDAP Client not connecting to LDAP server

I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful. The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies

LEARN ABOUT CENTOS

strongimcv_pki

PKI(1)								    strongSwan								    PKI(1)

NAME

       pki - Simple public key infrastructure (PKI) management tool

SYNOPSIS

       pki command [option ...]

       pki -h | --help

DESCRIPTION

       pki is a suite of commands that allow you to manage a simple public key infrastructure (PKI).

       Generate  RSA  and ECDSA key pairs, create PKCS#10 certificate requests containing subjectAltNames, create X.509 self-signed end-entity and
       root CA certificates, issue end-entity and intermediate CA certificates signed by the private key of a CA and  containing  subjectAltNames,
       CRL distribution points and URIs of OCSP servers. You can also extract raw public keys from private keys, certificate requests and certifi-
       cates and compute two kinds of SHA-1-based key IDs.

COMMANDS

       -h, --help
	      Prints usage information and a short summary of the available commands.

       -g, --gen
	      Generate a new private key.

       -s, --self
	      Create a self-signed certificate.

       -i, --issue
	      Issue a certificate using a CA certificate and key.

       -c, --signcrl
	      Issue a CRL using a CA certificate and key.

       -r, --req
	      Create a PKCS#10 certificate request.

       -7, --pkcs7
	      Provides PKCS#7 wrap/unwrap functions.

       -k, --keyid
	      Calculate key identifiers of a key or certificate.

       -a, --print
	      Print a credential (key, certificate etc.) in human readable form.

       -p, --pub
	      Extract a public key from a private key or certificate.

       -v, --verify
	      Verify a certificate using a CA certificate.

EXAMPLES

   Generating a CA Certificate
       The first step is to generate a private key using the --gen command. By default this generates a 2048-bit RSA key.

	 pki --gen > ca_key.der

       This key is used to create the self-signed CA certificate, using the --self command. The distinguished name  should  be	adjusted  to  your
       needs.

	 pki --self --ca --in ca_key.der 
	     --dn "C=CH, O=strongSwan, CN=strongSwan CA" > ca_cert.der

   Generating End-Entity Certificates
       With  the root CA certificate and key at hand end-entity certificates for clients and servers can be issued. Similarly intermediate CA cer-
       tificates can be issued, which in turn can issue other certificates.  To generate a certificate for a server, we start by generating a pri-
       vate key.

	 pki --gen > server_key.der

       The public key will be included in the certificate so lets extract that from the private key.

	 pki --pub --in server_key.der > server_pub.der

       The  following command will use the CA certificate and private key to issue the certificate for this server. Adjust the distinguished name,
       subjectAltName(s) and flags as needed (check pki --issue(8) for more options).

	 pki --issue --in server_pub.der --cacert ca_cert.der 
	     --cakey ca_key.der --dn "C=CH, O=strongSwan, CN=VPN Server" 
	     --san vpn.strongswan.org --flag serverAuth > server_cert.der

       Instead of storing the public key in a separate file, the output of --pub may also be piped directly into the above command.

   Generating Certificate Revocation Lists (CRL)
       If end-entity certificates have to be revoked, CRLs may be generated using the --signcrl command.

	 pki --signcrl --cacert ca_cert.der --cakey ca_key.der 
	     --reason superseded --cert server_cert.der > crl.der

       The certificate given with --cacert must be either a CA certificate or a certificate with the crlSign extended key usage (--flag  crlSign).
       URIs to CRLs may be included in issued certificates with the --crl option.

SEE ALSO

       pki --gen(1),  pki --self(1), pki --issue(1), pki --signcrl(1), pki --req(1), pki --pkcs7(1), pki --keyid(1), pki --print(1), pki --pub(1),
       pki --verify(1)

5.1.1								    2013-07-31								    PKI(1)
All times are GMT -4. The time now is 07:47 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy