Hello,
Is it possible to secure communication between my 389DS console on my
Window7 client computer and my 389-admin server on my Centos Server ?
I want to use HTTPS instead HTTP.
Is there any limitation between the server's FQDN and the subject of the
Centos HTTPS server certificate ?
You will find below releases and versions of my main 389 components:
Centos Linux release 7.3.1611 (Core)
389-admin Version: 1.1.46 Release: 1.el7
389-ds-base Version: 1.3.5.10 Release 15.el7_3
389-admin-console Version 1.1.12 Release 1.el7
389-console Version 1.1.18 Release 1.el7
389 Management Console on Windows 7: Console Framework 1.1.14
Best regards,
Vincent CAZAUBON
Centre informatique - Cirti
SI-SECURITE
Architecture/intégrateur ldap
2 rue de Coulongé CS 61911 44319 NANTES Cedex 03
vincent.cazaubon(a)urssaf.fr
Contribuons au respect de l'environnement, n'imprimez ce courriel qu'en
cas de nécessité et ayez le réflexe recto-verso
Show replies by date
Thanks you for your answer, now I know that it's possible.
Vincent CAZAUBON
Centre informatique - Cirti
SI-SECURITE
Architecture/intégrateur ldap
2 rue de Coulongé CS 61911 44319 NANTES Cedex 03
vincent.cazaubon(a)urssaf.fr
Contribuons au respect de l'environnement, n'imprimez ce courriel qu'en
cas de nécessité et ayez le réflexe recto-verso
De : Paul Robert Marino <prmarino1(a)gmail.com>
A : "General discussion list for the 389 Directory server project."
<389-users(a)lists.fedoraproject.org>,
Cc : Stella LE LOC'H <stella.leloch(a)urssaf.fr>
Date : 10/10/2017 12:16
Objet : [389-users] Re: 389DS console with HTTPS
One more minor correction that path on windows is C
:\windows\system32\drivers\etc\hosts
Sent from my BlackBerry - the most secure mobile device
From: prmarino1(a)gmail.com
Sent: October 10, 2017 6:12 AM
To: 389-users(a)lists.fedoraproject.org
Cc: stella.leloch(a)urssaf.fr
Subject: Re: [389-users] 389DS console with HTTPS
Sorry spell checker on my phone did some thing going strange it replaced
CNAME with came.
So in the alternative CNAME scenario the subject can match a CNAME in the
DNS but that CNAME must match an A record with a matching reverse lookup
record for the forward A record.
You can also use /etc / hosts files to work around this on Windows it's
located in C:\windows\system32\etc
Sent from my BlackBerry - the most secure mobile device
From: prmarino1(a)gmail.com
Sent: October 10, 2017 6:06 AM
To: 389-users(a)lists.fedoraproject.org
Cc: stella.leloch(a)urssaf.fr
Subject: Re: [389-users] 389DS console with HTTPS
This is a general SSL TLS thing.
In general the host must be resolvable Via a A record in the DNS which
matches both a forward and reverse lookup. Alternatively you can use a
came for the forward lookup but it must map to a A record which has a
matching reverse lookup record to the A record the came points to.
Sent from my BlackBerry - the most secure mobile device
From: vincent.cazaubon(a)urssaf.fr
Sent: October 10, 2017 2:54 AM
To: 389-users(a)lists.fedoraproject.org
Reply-to: 389-users(a)lists.fedoraproject.org
Cc: stella.leloch(a)urssaf.fr
Subject: [389-users] 389DS console with HTTPS
Hello,
Is it possible to secure communication between my 389DS console on my
Window7 client computer and my 389-admin server on my Centos Server ?
I want to use HTTPS instead HTTP.
Is there any limitation between the server's FQDN and the subject of the
Centos HTTPS server certificate ?
You will find below releases and versions of my main 389 components:
Centos Linux release 7.3.1611 (Core)
389-admin Version: 1.1.46 Release: 1.el7
389-ds-base Version: 1.3.5.10 Release 15.el7_3
389-admin-console Version 1.1.12 Release 1.el7
389-console Version 1.1.18 Release 1.el7
389 Management Console on Windows 7: Console Framework 1.1.14
Best regards,
Vincent CAZAUBON
Centre informatique - Cirti
SI-SECURITE
Architecture/intégrateur ldap
2 rue de Coulongé CS 61911 44319 NANTES Cedex 03
vincent.cazaubon(a)urssaf.fr
Contribuons au respect de l'environnement, n'imprimez ce courriel qu'en
cas de nécessité et ayez le réflexe recto-verso
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org