Obtaining and Installing Server Certificates424 Red Hat Directory Server Administrator’s Guide • May 2005Step 4: Trust the Certificate AuthorityConfiguring your Directory Server to trust the certificate authority consists ofobtaining your CA’s certificate and installing it into your server’s certificatedatabase. This process differs depending on the certificate authority you use.Some commercial CAs provide a web site that allows you to automaticallydownload the certificate. Others will email it to you upon request.Once you have the CA certificate, you can use the Certificate Install Wizard toconfigure the Directory Server to trust the Certificate Authority.1. In the Directory Server Console, select the Tasks tab, and click ManageCertificates.The Manage Certificates window is displayed.2. Go to the CA Certs tab, and click Install.The Certificate Install Wizard is displayed.3. If you saved the CA’s certificate to a file, enter the path in the field provided.If you received the CA’s certificate via email, copy and paste the certificate,including the headers, into the text field provided. Click Next.4. Check that the certificate information that is displayed is correct, and clickNext.5. Specify a name for the certificate, and click Next.6. Select the purpose of trusting this Certificate Authority (you can select both):m Accepting connections from clients (Client Authentication) — Theserver checks that the client’s certificate has been issued by a trustedCertificate Authority.m Accepting connections to other servers (Server Authentication) — Thisserver checks that the directory to which it is making a connection (forreplication updates, for example) has a certificate that has been issued bya trusted Certificate Authority.7. Click Done to dismiss the wizard.Once you have installed your certificate and trusted the CA’s certificate, you areready to activate SSL. However, you should first make sure that the certificateshave been installed correctly.
