Securing with tls, 4 securing with tls – Tandberg Data N3 User Manual


TANDBERG Gatekeeper User Manual


commUniqueId: comm1
h323Identityh323-ID: MeetingRoom1
h323IdentitydialedDigits: 626262
h235IdentityEndpointID: meetingroom1
h235IdentityPassword: mypassword

Add the ldif file to the server using the command:

slapadd -l <ldif_file>

This will add a single H.323 endpoint with an H.323 Id alias of MeetingRoom1 and an E.164 alias of 626262. The entry also has H.235 credentials of id meetingroom1 and password mypassword, which are used during authentication.

7.2.4 Securing with TLS

The connection to the LDAP server can be encrypted by enabling Transport Layer Security
(TLS) on the connection. To do this you must create an X.509 certificate for the LDAP server
to allow the Gatekeeper to verify the server's identity. Once the certificate has been created,
you will need to install the following three files associated with the certificate onto the LDAP
server:

The certificate for the LDAP server.

The private key for the LDAP server.

The certificate of the Certificate Authority (CA) that was used to sign the LDAP server's certificate.

All three files should be in PEM file format.

The LDAP server must be configured to use the certificate. To do this, edit
/etc/openldap/slapd.conf and add the following three lines:

TLSCACertificateFile <path to CA certificate>
TLSCertificateFile <path to LDAP server certificate>
TLSCertificateKeyFile <path to LDAP private key>

The OpenLDAP daemon (slapd) must be restarted for the TLS settings to take effect.

For more details on configuring OpenLDAP to use TLS, consult the OpenLDAP
Administrator's Guide.
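
The three slapd.conf entries above can be checked before slapd is restarted. The following Python sketch is an added example, not part of the TANDBERG manual or of OpenLDAP: it confirms that each directive is present, that the file it names holds PEM blocks of the expected type, and that the private key is not readable by group or others. The permission rule, the case-insensitive keyword match and the function names (pem_labels, check_slapd_tls, demo) are assumptions of this example, and demo builds constructed placeholder files, not real certificates.

```python
import base64, os, pathlib, re, stat, tempfile

EXPECTED = {  # slapd.conf directive -> PEM block labels acceptable in its file
    "TLSCACertificateFile": {"CERTIFICATE"},
    "TLSCertificateFile": {"CERTIFICATE"},
    "TLSCertificateKeyFile": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
}
NAMES = {d.lower(): d for d in EXPECTED}  # assumption: keywords are case-insensitive
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+([A-Za-z0-9+/=\s]+?)-----END \1-----")

def pem_labels(path):
    """Labels of the PEM blocks in a file (empty list for DER or junk)."""
    with open(path, "rb") as fh:
        return [m[0] for m in PEM_RE.findall(fh.read().decode("ascii", "replace"))]

def check_slapd_tls(conf_path):
    """Return a list of problems with the three TLS directives in slapd.conf."""
    found, problems = {}, []
    with open(conf_path) as fh:
        for line in fh:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0].lower() in NAMES:
                found[NAMES[parts[0].lower()]] = parts[1].strip().strip('"')
    for directive, allowed in EXPECTED.items():
        path = found.get(directive)
        if path is None:
            problems.append(f"{directive}: directive missing")
        elif not os.path.isfile(path):
            problems.append(f"{directive}: file not found")
        else:
            labels = set(pem_labels(path))
            if not labels or not labels <= allowed:
                problems.append(f"{directive}: not a PEM file of the expected type")
            if "Key" in directive and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                problems.append(f"{directive}: readable by group or others")
    return problems

def demo(key_mode):
    """Check a constructed slapd.conf whose PEM files hold placeholder bodies."""
    d = pathlib.Path(tempfile.mkdtemp())
    body = base64.b64encode(b"constructed placeholder, not key material").decode()
    conf = ""
    for directive, label in zip(EXPECTED, ("CERTIFICATE", "CERTIFICATE", "PRIVATE KEY")):
        pem = d / (directive + ".pem")
        pem.write_text(f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n")
        pem.chmod(key_mode if "Key" in directive else 0o644)
        conf += f"{directive} {pem}\n"
    (d / "slapd.conf").write_text(conf)
    return check_slapd_tls(d / "slapd.conf")
```

Run check_slapd_tls("/etc/openldap/slapd.conf") on the LDAP server; an empty list means the three files passed these checks, which do not validate the certificate chain itself.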

To configure the Gatekeeper to use TLS on the connection to the LDAP server you must
upload the CA's certificate as a trusted CA certificate. To do this, navigate to the Gatekeeper
Configuration > Files page and upload the certificate.
