000025224 - How to publish end user certificates over SSL to LDAP with RSA Certificate Manager 6.6

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017. Version 2.

Article Content

Article Number: 000025224
Applies To: RSA Certificate Manager 6.6, Sun Solaris 2.9
Issue: How to publish end user certificates over SSL to LDAP with RSA Certificate Manager 6.6
Resolution

Steps required:

1. Install RSA BSAFE or OpenSSL on RCM 6.6 (/usr/local/ssl)

2. Use RSA BSAFE or OpenSSL to generate an RSA key pair, then generate a PKCS#10 certificate request

3. Use the PKCS#10 request (P10) to request a certificate from the RCM 6.6 CA

4. Approve an SSL Client certificate on RCM

5. Ensure both the key and the certificate are stored in PEM format

6. Configure the end user jurisdiction to talk to the LDAP server over SSL. RCM 6.6 insists that you specify an SSL client key/cert to make the connection, even though the LDAP end does not check the client cert; see the jurisdiction settings below.

7. Issue end user certs for user1 and user2, and add the certs to the matching (by UID) user objects in the external LDAP
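The key-pair, PKCS#10 and PEM-check steps above, plus the LDAPS handshake RCM makes with the client cert, as an added OpenSSL shell example that is not part of the RSA article. It assumes openssl is on the PATH; the subject name is a placeholder, and the host and file paths are the ones from the jurisdiction settings.

```shell
#!/bin/sh
# Added example (not part of the RSA article): OpenSSL helpers for the client
# key pair / PKCS#10 request, the PEM check, and the LDAPS handshake RCM makes.
# Assumes openssl is on PATH; subject, host and paths are placeholders.
set -eu

# RSA key pair plus PKCS#10 request in PEM, written into directory $1.
# The key is the LDAP bind credential, so it is created with mode 0600.
make_client_keypair() {
    ( umask 077
      openssl genrsa -out "$1/rcmcert.key" 2048 2>/dev/null
      openssl req -new -key "$1/rcmcert.key" -out "$1/rcmcert.p10" \
          -subj "/CN=rcm-ldap-client/O=acme" )      # placeholder subject
}

# RCM wants PEM: check the armour lines rather than trusting the extension.
# Usage: is_pem FILE [TYPE], e.g. is_pem rcmcert.p10 "CERTIFICATE REQUEST"
is_pem() {
    grep -q "^-----BEGIN ${2:-.*}-----$" "$1" &&
        grep -q "^-----END ${2:-.*}-----$" "$1"
}

# The request must verify against its own key before it goes to the RCM CA.
verify_request() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1
}

# Same handshake RCM will make: port 636, client cert and key presented.
# Exit 0 means the TLS session came up; since the LDAP end does not check the
# client cert, this mainly proves the files are readable and match each other.
ldaps_handshake_check() {
    printf 'Q\n' | openssl s_client -connect "$1:$2" -cert "$3" -key "$4" \
        >/dev/null 2>&1
}

# Manual run against the article's paths: RCM_RUN=1 sh rcm-ldaps-client.sh
if [ "${RCM_RUN:-0}" = 1 ]; then
    d=/home/app/LDAP-certs
    make_client_keypair "$d"
    is_pem "$d/rcmcert.p10" "CERTIFICATE REQUEST" && verify_request "$d/rcmcert.p10"
    echo "Submit $d/rcmcert.p10 to the RCM CA; save the approved cert as $d/rcmcert-client.cert"
    if [ -f "$d/rcmcert-client.cert" ]; then
        ldaps_handshake_check ldapkeon.acme.net 636 "$d/rcmcert-client.cert" "$d/rcmcert.key"
    fi
fi
```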

Jurisdiction settings:

External Publishing

Publishing Control:

Publish Certificates: On
Publish Cross Certificates: Off
Publish CAs: Off
Publish Complete CRLs: Off
Publish Delta CRLs: Off
Publish ARLs: Off
End Entity Deletes: Off

Publishing Configuration:

Host: ldapkeon.acme.net
Port: 636
Bind DN: uid=keon_cert_publisher,ou=directory administrators,dc=acme,dc=net
Enable SSL: On
SSL Certificate File: /home/app/LDAP-certs/rcmcert-client.cert
SSL Key File: /home/app/LDAP-certs/rcmcert.key
Create Person Surname from Common Name: Off
Base DN: OU=People,DC=acme,DC=net
Create DN From Certificate DN: Off
Certificate DN: UID
Create Authority DN From Certificate DN: Off
Authority DN: Undefined
DN Mapping: Undefined
Use Search to create DN: Off
End Entity Attributes: Undefined
End Entity Class: inetOrgPerson
End Entity Certificate Field: userCertificate
Authority Attributes: Undefined
Authority Class: Undefined
Authority Certificate Field: Undefined
Authority Complete CRL Field: Undefined
Authority Delta CRL Field: Undefined
Authority ARL Field: Undefined
Aux End Entity Class: Undefined
Aux Authority Class: Undefined
Create End Entity as: Undefined
Create Authority as: Undefined

Legacy Article ID: a28080
