Description:
How do you configure CA Web Administrator to use SSL?
Solution:
SSL setup must be configured in:
Here is the flow when using CA Web Administrator:
Browser --> CA Web Administrator Server --> CA Top Secret LDAP --> CA Top Secret.
or
CA Top Secret --> CA Top Secret LDAP --> Web Admin Server --> Browser.
CA Web Administrator uses Tomcat to communicate with CA LDAP for Top Secret and needs to be configured to use SSL. Please see the following instructions to set up Tomcat to use SSL:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
Please refer to the CA LDAP Administrator Guide for details on configuring it to use SSL.
If the CA LDAP Server for Top Secret is set up to do SSL using a keyring and a third-party certificate, update the slapd.conf file with the necessary entries:
hosturls ldap://:389 ldaps://:636
TLSKeyringName NDMTRING
"NDMTRING" would be your keyring label name.
There is a parameter in the slapd.conf file that tells CA LDAP whether to do client/server SSL or just server SSL:
TLSVerifyClient No <-- Server SSL
TLSVerifyClient Yes <-- Client/Server SSL
For additional information please refer to the CA LDAP Administrator Guide, which documents how to set up the CA LDAP server to use SSL.
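To check an edited slapd.conf against the entries described above, the following added example (not code from CA or from the original article) reads the three directives shown on this page and reports which SSL mode they select and what is missing. The sample file is constructed; the '#' comment handling and the case-insensitive directive lookup are assumptions of this example, not documented CA LDAP behaviour.

```python
SAMPLE_CONF = """\
# constructed sample, built from the directives shown on this page
hosturls ldap://:389 ldaps://:636
TLSKeyringName NDMTRING
TLSVerifyClient No
"""

def parse_directives(text):
    """Map lower-cased directive name -> list of arguments (last occurrence wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' begins a comment line
            continue
        key, *args = line.split()
        conf[key.lower()] = args  # lenient on case so the audit still finds the key
    return conf

def audit_slapd_ssl(text):
    """Return (ssl_mode, findings) for the SSL-related directives."""
    conf = parse_directives(text)
    findings = []
    urls = conf.get("hosturls", [])
    ldaps = [u for u in urls if u.lower().startswith("ldaps://")]
    plain = [u for u in urls if u.lower().startswith("ldap://")]
    if not ldaps:
        findings.append("hosturls has no ldaps:// URL, so no SSL listener is defined")
    if plain:
        findings.append("hosturls also lists a non-SSL URL: " + " ".join(plain))
    if ldaps and not conf.get("tlskeyringname"):
        findings.append("ldaps:// is listed but TLSKeyringName is missing")
    verify = (conf.get("tlsverifyclient") or [""])[0].lower()
    if not ldaps:
        mode = "no SSL"
    elif verify == "yes":
        mode = "client/server SSL"
    elif verify == "no":
        mode = "server SSL"
    else:
        mode = "unknown"
        findings.append("TLSVerifyClient is not set to Yes or No")
    return mode, findings

if __name__ == "__main__":
    mode, findings = audit_slapd_ssl(SAMPLE_CONF)
    print("mode:", mode)
    for f in findings:
        print(" -", f)
```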