Secure Web server and secure LDAP, SSL certificate overview – Lenovo ThinkServer TD200 User Manual


a. Disable the SSL client. Use the SSL Client Configuration for LDAP Client area on the Security page.

b. Generate or import a certificate. Use the SSL Client Certificate Management area on the Security page (see “SSL client certificate management” on page 43).

c. Import one or more trusted certificates. Use the SSL Client Trusted Certificate Management area on the Security page (see “SSL client trusted certificate management” on page 43).

d. Enable the SSL client. Use the SSL Client Configuration for LDAP Client area on the Security page (see “Enabling SSL for the LDAP client” on page 44).

3. Restart the IMM for SSL server configuration changes to take effect. For more information, see “Restarting IMM” on page 47.

Note: Changes to the SSL client configuration take effect immediately and do not require a restart of the IMM.

Secure Web server and secure LDAP

Secure Sockets Layer (SSL) is a security protocol that provides communication
privacy. SSL enables client/server applications to communicate in a way that is
designed to prevent eavesdropping, tampering, and message forgery.

You can configure the IMM to use SSL support for two types of connections: secure
server (HTTPS) and secure LDAP connection (LDAPS). The IMM takes on the role
of SSL client or SSL server depending on the type of connection. The following
table shows that the IMM acts as an SSL server for secure Web server connections.
The IMM acts as an SSL client for secure LDAP connections.

Table 5. IMM SSL connection support

| Connection type | SSL client | SSL server |
| --- | --- | --- |
| Secure Web server (HTTPS) | Web browser of the user (for example: Microsoft Internet Explorer) | IMM Web server |
| Secure LDAP connection (LDAPS) | IMM LDAP client | An LDAP server |

You can view or change the SSL settings from the Security page. You can enable or
disable SSL and manage the certificates that are required for SSL.

SSL certificate overview

You can use SSL with either a self-signed certificate or with a certificate that is
signed by a third-party certificate authority. Using a self-signed certificate is the
simplest method for using SSL, but it does create a small security risk. The risk
arises because the SSL client has no way of validating the identity of the SSL server
for the first connection that is attempted between the client and server. It is
possible that a third party might impersonate the server and intercept data that is
flowing between the IMM and the Web browser. If, at the time of the initial
connection between the browser and the IMM, the self-signed certificate is
imported into the certificate store of the browser, all future communications will be
secure for that browser (assuming that the initial connection was not compromised
by an attack).
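The first-connection risk described above can be reduced by comparing the fingerprint of the certificate that is presented with one recorded over a trusted path before the certificate is imported into the browser. The following Python sketch is an added example, not part of the Lenovo manual; the function names, the out-of-band recording step and the sample certificates (constructed placeholder bytes, not real X.509) are assumptions.

```python
import hashlib
import hmac
import ssl
import sys


def cert_fingerprint(pem: str) -> str:
    """SHA-256 of the certificate's DER encoding, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:...', 'aa bb ...' or plain hex; return lowercase hex."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")


def matches_pin(pem: str, recorded_fp: str) -> bool:
    """True only if the presented certificate is the one recorded out of band."""
    return hmac.compare_digest(cert_fingerprint(pem), normalize(recorded_fp))


def fetch_presented_cert(host: str, port: int = 443) -> str:
    """Return the certificate the endpoint presents, without validating it."""
    return ssl.get_server_certificate((host, port))


# Constructed stand-ins: placeholder bytes wrapped in PEM armor, not real X.509.
GENUINE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed IMM self-signed certificate")
IMPOSTOR_PEM = ssl.DER_cert_to_PEM_cert(b"constructed impersonator certificate")

# Assumption: the administrator recorded this value over a trusted path,
# in the colon-separated upper-case form most certificate viewers display.
_hex = cert_fingerprint(GENUINE_PEM).upper()
RECORDED_FP = ":".join(_hex[i:i + 2] for i in range(0, len(_hex), 2))

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <imm-host> <recorded-fingerprint>
        ok = matches_pin(fetch_presented_cert(sys.argv[1]), sys.argv[2])
        print("fingerprint matches" if ok else "MISMATCH: do not import")
        sys.exit(0 if ok else 1)
    for name, pem in (("genuine", GENUINE_PEM), ("impostor", IMPOSTOR_PEM)):
        print(name, "matches" if matches_pin(pem, RECORDED_FP) else "MISMATCH")
```

A mismatch means the certificate offered on the first connection is not the one that was recorded, so it should not be added to the browser's certificate store.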

For more complete security, you can use a certificate that is signed by a certificate
authority. To obtain a signed certificate, use the SSL Certificate Management page

Chapter 3. Configuring the IMM
