Converting to secure mode – Novell eBook Reader User Manual

4 Configuring Your Liberty Identity Provider to Run in SSL Mode

Manual (99a) 3/17/03

Novell Confidential

04secure.fm last saved 4/14/03

This chapter contains information on the following topics:

• Converting to Secure Mode
• Customizing Your Liberty IDP User Interface

In order to become compliant with Liberty specifications, after you have successfully installed your Liberty identity provider for Novell® eDirectory™ software, you must configure it to run in a production environment. By default, your Liberty identity provider runs in test mode (HTTP). You must change this protocol to HTTPS in order to run securely (in SSL mode). You do this by configuring certificates. See the following links for more information:

• Apache SSL/TLS Encryption (http://httpd.apache.org/docs-2.0/ssl)
• Apache-SSL: Encryption, Certificates, and More (http://ist.uwaterloo.ca/security/lib-proxy/howto/ssleay/apache.html)
• Setting Up a Secure Server (http://apacheworld.org/ty24/site.chapter17.html)
• Tomcat: SSL Configuration How-To (http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html)

Converting to Secure Mode

Complete the following tasks to convert your Liberty IDP to SSL (secure) mode:

1 Create a signing request (based on the domain name of the server you will be running on). For information on how to do this, see “Creating Certificates for Apache” on page 30.

We recommend that you have a trusted third party in place to sign the certificates. Having a well-known trusted authority will make this process easier.

During the installation, a signing certificate was created. In addition to the signing certificate, for each provider you use, you will need a certificate for communication and a certificate for introductions. If you are not using introductions, then you only need one certificate.

2 Configure the Web server to use the certificates.

2a Modify your Apache configuration. For examples of how to do this, see “Modifying the Apache Configuration Files” on page 39.

NOTE: If your certificates are not signed by a trusted root that is in the certificate authority’s file, you will need to exchange trusted roots for the IDP and SP, then import them into their respective certificate files. (See “Importing Trusted Roots” on page 42 for details.)

3 Change iManager from http to https:

3a In iManager, click the Liberty Management role.
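Step 1 and the NOTE on trusted roots, worked through with the openssl command line as an added example that is not part of the Novell manual. The host name idp.example.com, the file names, and both throwaway CAs are constructed assumptions; the private CA stands in for a signer whose root is not yet in the service provider's certificate file.

```shell
#!/bin/sh
# Added example, not from the Novell manual. The host name, file names and
# both test CAs are constructed; a production CSR is sent to your real CA.
IDP_HOST="idp.example.com"   # assumed domain name of the IDP server

make_csr() {        # $1 = work dir: private key + signing request for IDP_HOST
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$IDP_HOST" \
        -keyout "$1/idp.key" -out "$1/idp.csr" 2>/dev/null &&
    chmod 600 "$1/idp.key"
}

csr_subject_ok() {  # $1 = work dir: the CSR's CN is the server's domain name
    openssl req -in "$1/idp.csr" -noout -subject 2>/dev/null |
        grep -q "CN *= *$IDP_HOST\$"
}

make_test_ca() {    # $1 = work dir, $2 = CA name: self-signed stand-in root
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

sign_csr() {        # $1 = work dir, $2 = CA name: issue idp.crt from idp.csr
    openssl x509 -req -in "$1/idp.csr" -days 30 -out "$1/idp.crt" \
        -CA "$1/$2.crt" -CAkey "$1/$2.key" -CAcreateserial 2>/dev/null
}

trusts() {          # $1 = trusted-roots file, $2 = cert: 0 if the chain verifies
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {            # echoes the verification result before and after the import
    d=$(mktemp -d) || return 1
    make_csr "$d" && csr_subject_ok "$d" || return 1
    make_test_ca "$d" wellknown && make_test_ca "$d" private || return 1
    sign_csr "$d" private || return 1
    cp "$d/wellknown.crt" "$d/sp-roots.pem"    # SP's CA file lacks our root
    trusts "$d/sp-roots.pem" "$d/idp.crt" && before=trusted || before=untrusted
    cat "$d/private.crt" >> "$d/sp-roots.pem"  # import the exchanged root
    trusts "$d/sp-roots.pem" "$d/idp.crt" && after=trusted || after=untrusted
    rm -rf "$d"
    echo "$before $after"
}

demo   # prints: untrusted trusted
```

The same `openssl verify -CAfile` check can be run against the real certificate file before switching the server to HTTPS, so a missing root shows up as a failed verification rather than a failed handshake.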
