Using ldap servers with ssl, Using single sign-on, Installing the root certificate – VBrick Systems Portal Server ETV v4.2.1 User Manual

Server Administration

ETV Portal Server Admin Guide

83

Using Single Sign-On

T

To use single-sign-on (and avoid username/password prompts), you must do one of the
following:

•

Access the Portal Server by the alphabetical name (for example

http://yourserver

).

•

Access the Portal Server by the IP address in which case you must also add the Portal
Server to the

Local Intranet Zone

(

Internet Options > Security > Sites

). This setting can be

pushed company-wide by an administrator using security policies.

5. Change Internet Explorer's default settings to allow

Automatic logon with current

username and password

(Go to

Internet Options > Security > Custom Level > User

Authentication

).

Using LDAP Servers with SSL

Installing the Root Certificate

If the LDAP server requires SSL (Secure Sockets Layer) for encryption and authentication,
you will need to install the certificate locally on the ETV Portal Server as a

Trusted Root

Certificate Authority

.

T

To install the root certificate locally on the ETV Portal Server as Trusted Root
Certificate Authority:

1. Open Internet Explorer.
2. In the address bar type

https://LDAPSERVER:636

where

LDAPSERVER

is the address of the

LDAP Server associated with Certificate Authority (See Resolving Other Security Alerts
on page 85) and

636

is the SSL port used to authenticate with the LDAP Server.

3. When Internet Explorer displays a Security Alert dialog (Internet Explorer 6) or

certificate error screens (Internet Explorer 7), click

View Certificate

.

4. A Certificate window will open, click on the

Certificate Path

tab.

5. If there is more than on certificate listed in the

Certificate Path

tab, choose the root

certificate by selecting the top-most certificate and then clicking

View Certificate

.

Note Internet Explorer 6 only. All three items in the Security Alert window below must be

in compliance. The first item can easily be installed using these instructions; for the
middle item, the local CA will need to create a new certificate if it is out of date; for
the last item, the name of the certificate will need to match the address entered in the
address bar of your browser.