Contents


About This Guide

What's in This Guide
Conventions Used in This Guide
Viewing This Guide Online

To View This Manual From iPlanet Console or Administration Server
To View This Manual From Another Product

Getting Additional Help

To Get Context-Sensitive Help
To Search this Guide's Index
To Open the Product Homepage

Part 1 Overview of iPlanet Console

Chapter 1 iPlanet Console and Administration Server

Chapter 2 Installing iPlanet Servers and Console

The Setup Program

Installing a New Server

Directory Server Must Be Installed First
Administration Server Is Required in Each Server Root

Installation Modes

Express
Typical
Custom

Installing iPlanet Console as a Stand-Alone Application

To Install iPlanet Console as a Stand-Alone Application on UNIX System
To Install iPlanet Console as a Stand-Alone Application on Windows NT Systems

Upgrading to Version 5.0

Upgrading Administration Server and Console

To Upgrade on UNIX Systems
To Upgrade on Windows NT Systems

Upgrading a Stand-Alone Version of iPlanet Console

To Upgrade a Stand-Alone Version of iPlanet Console on UNIX Systems
To Upgrade a Stand-Alone Version of iPlanet Console on Windows NT Systems

Silent Installation

Performing a Silent Installation

To Save Your Installation Answers
To Perform a Silent Installation

Uninstallation

Uninstalling an iPlanet Server

To Uninstall an iPlanet Server on UNIX Systems
To Uninstall an iPlanet Server on Windows NT Systems

Silent Uninstallation

To Perform a Silent Uninstallation on UNIX Systems
To Perform a Silent Uninstallation on Windows NT Systems

Part 2 iPlanet Console Basics

Chapter 3 Using iPlanet Console

Starting iPlanet Console and Logging In

Starting iPlanet Console

To Start iPlanet Console on UNIX Systems
To Start iPlanet Console on Windows NT Systems

Logging In to iPlanet Console With a User Name and Password

To Log in to iPlanet Console With a User Name and Password

Logging In to iPlanet Console Using Client Authentication

To Request and Install a New Client Certificate
To Make Your Client Certificate Available to iPlanet Console on UNIX Systems
To Make Your Client Certificate Available to iPlanet Console on Windows NT
To Establish a Secure Connection With an Instance of Administration Server

A Tour of iPlanet Console

iPlanet Console Menus
iPlanet Console Tabs
The Servers and Applications Tab
The Administration Domain

To Create an Administration Domain
To Modify an Administration Domain
To Remove an Administration Domain

Customizing iPlanet Console

Storing Display Settings

To Change Where Display Settings Are Stored
To Reset Display Settings to Their Default Values

Setting Display Fonts

To Create a Font Profile
To Edit an Existing Font Profile
To Rename a Font Profile
To Use a Font Profile
To Remove a Font Profile

Customizing the Main Window

To Customize the Main Window

Customizing Tables

To Change Column Position in a Table
To Change the Width of Columns in a Table

Creating Custom Views of the Navigation Tree

To Create a Custom View of the Navigation Tree

Working With Custom Views

To Switch to a Custom View
To Edit a Custom View
To Rename a Custom View
To Set Access Permissions for a Public View
To Delete a Custom View

Administration Express

Accessing Administration Express

To Open Administration Express

Using Administration Express

To Start or Stop a Server Instance From Administration Express
To View Basic Server Information From Administration Express
To View Access and Error Logs From Administration Express

Setting the Refresh Rate for Administration Express

To Set the Refresh Rate for Administration Express

Chapter 4 Servers in iPlanet Console

Working With Earlier Netscape Servers

Adding a Pre-4.0 Server to the Tree

To Add a Pre-4.0 Server to the Navigation Tree

Migrating from a Pre-4.0 Server to a Newer Server

To Migrate From a Pre-4.0 Server to a Newer Version

Working With iPlanet Servers

Opening a Server Management Window

To Open an iPlanet Server Management Window

Creating a New Server Instance

To Create a New Server Instance

Modifying Host, Server Group, and Instance Information

To Modify Host, Server Group, and Instance Information

Cloning a Server

To Clone Server Settings to Another Server

Removing a Server Instance

To Remove a Server Instance

Uninstalling an iPlanet Server
Merging Configuration Data From Two Directory Servers

To Merge Configuration Data From Two Directory Servers

Chapter 5 User and Group Administration

Interacting with Directory Server

Using Distinguished Names
Distinguished Names, Attributes, and Syntax

Distinguished Names
Attributes
DN and Attribute Guidelines and Syntax

Locating a User or Group in the Directory

To Locate Users or Groups in the Directory

Choosing a Different Directory to Search

To Change the Directory to Search

Creating New Directory Entries

Users

To Create a New User Entry in the Directory
The User's Preferred Language

Administrators

To Create an Administrator

Specifying Windows NT and UNIX Systems Options

To Enable Windows NT and UNIX Systems Panels for an Individual User
To Enable Windows NT and UNIX Systems Panels for All New Users
To Set Windows NT and UNIX Systems Options and Attributes for a New User

Groups

To Create a Static Group in the Directory
To Add Users to the Configuration Administrators Group
To Create a Dynamic Group
To Create a Certificate Group

Organizational Units

To Create a New Organizational Unit

Modifying Existing Directory Entries

Updating User and Group Entries

To Edit a User or Group Entry in the Directory
To Change a User Password
To Change the Configuration Administrator's User Name or Password
To Change the Administration Server Administrator's User Name or Password
To Remove a User, Group, or Organizational Unit From the Directory

Part 3 Using iPlanet Administration Server

Chapter 6 Administration Server Basics

Restarting Administration Server

To Restart the Server From iPlanet Console
To Restart the Server From the Command Line

UNIX Systems
Windows NT Systems

To Restart the Server From the NT Control Panel

Stopping Administration Server

To Stop the Server From iPlanet Console
To Stop the Server From the Command Line

UNIX Systems
Windows NT Systems

To Stop the Server From the NT Control Panel

Logging Options

To View the Access Log
To View the Error Log
To Change Where Logs Are Stored

The iPlanet Administration Page

To Access the Administration Page

Chapter 7 Administration Server Configuration

Network Settings

To Configure Network Settings

Access Settings

To Set Administration Server Access Settings

Encryption Settings

To Request and Install a Certificate for Administration Server
To Activate SSL on Administration Server

Directory Settings

The Configuration Directory
Changing the Host or Port Number

To Change the Host or Port Number

The User Directory
User Directory Settings

User Authentication and Directory Failover Support
Changing User Directory Settings for a Domain
To Change the User Directory Settings for a Domain
To Change User Directory Settings for a Server Group

Chapter 8 Administration Server Command-Line Tools

admconfi

Syntax
Options
Tasks and Their Arguments
Examples

admin_ip.p

Usage

ldapsearch, ldapmodify, and ldapdelet
sec-activat

Syntax
Example

sec-migrat

Syntax

moduti

Syntax
Tasks and Options
Usage
JAR Information File
JAR Information File Syntax
Examples of Using modutil

Part 4 Advanced Server Management

Chapter 9 Access Control

Overview of Access Control

Examples of Access Control

Setting Access Permissions For Servers

To Set Access Permissions for a Server in the Navigation Tree

Working With Access Control Instructions

What's in an ACI

Target
Permissions
Bind Rules

Using the ACI Manager and ACI Editor

To Specify What You Want an ACI to Apply To
To Create a New ACI With the Visual ACI Editor
To Create a New ACI With the Manual ACI Editor
To Edit an Existing ACI With the ACI Editor
To Remove an ACI

Chapter 10 Using SSL and TLS with iPlanet Servers

The SSL and TLS Protocols

SSL and TLS Ciphers

Choosing SSL and TLS Ciphers

Preparing to Use SSL and TLS Encryption

Using External Security Devices

Slots and Security Devices
To Install an External Security Device
To Remove an External PKCS #11 Module

Obtaining and Installing a Server Certificate

SSL Certificates
Preparing to Set Up SSL and TLS

Setting up SSL or TLS With an Internal Security Device
Setting up SSL or TLS With an External Security Device
Setting Up SSL With Internal and External Security Devices

Generating a Server Certificate Request

To Generate a Certificate Request

Sending a Server Certificate Request

To Send a Server Certificate Request as Email

Installing the Certificate

To Back Up a Certificate
To Install a Server Certificate
To Install a CA Certificate or Server Certificate Chain

Backing Up and Restoring Your Certificate Database

To Back Up Your Certificate Database
To Restore Your Certificate Database From a Backup

Activating SSL

To Activate SSL on an iPlanet Server or a Netscape 4.x Server

Managing Server Certificates

Renewing a Certificate

To Check a Certificate Expiration Date
To Generate a Certificate Renewal Request

Changing the CA Trust Options

To Change the CA Trust Options

Changing Security Device Passwords

To Change a Security Device Password

Managing Certificate Lists

To Obtain a CRL or CKL From a CA
To View, Add, or Delete a CRL or CKL

Using Client Authentication

How Client Authentication Works
Preparing to Use Client Authentication
The certmap.conf File

DNComps
FilterComps
VerifyCert
CmapLdapAttr
Library
InitFn
Custom Properties

Editing the certmap.conf File

To Edit the certmap.conf File

Example certmap.conf Mappings

Example of a Default Mapping
Example of an Additional Mapping
Example of a Mapping With an Attribute Search

Using Client Authentication Between Servers

To Set Up Client Authentication Between Servers

Client Authentication for Users

To Set Up Client Authentication for Users

Chapter 11 Using SNMP to Monitor Servers

SNMP Basics

How SNMP Works
iPlanet MIBs

The Administration Server MIB

Types of SNMP Messages

Network Management Station-Initiated Communication
Server-Initiated Communication

Setting Up SNMP on UNIX Systems
Using a Proxy SNMP Agent on UNIX Systems

Installing and Starting the Proxy SNMP Agent

To Install the SNMP Proxy Agent
To Start the SNMP Proxy Agent
To Restart the Native Agent

Reconfiguring a Native Agent on UNIX Systems
Configuring the Master Agent on UNIX Systems

Community Strings
Trap Destinations
Configuring the Master Agent using iPlanet Console

To Add, Edit, or Remove a Community String using iPlanet Console
To Add, Edit, or Remove a Trap Destination

Manually Configuring the Master Agent

To Configure the Master SNMP Agent Manually
Editing the Master Agent Config File
Defining sysContact and sysLocation Variables

Starting the Master Agent on UNIX Systems

Starting the Agent Using iPlanet Console

To Start the Master Agent Using iPlanet Console

Starting the Agent From the Command Line

To Start the Agent on the Standard Port
To Start the Agent on a Non-Standard Port Using the Config File
To Start the Agent on a Non-Standard Port Using System Services

Enabling the Subagent on UNIX Systems
Using the Windows NT SNMP Service

To Set Up SNMP on Windows NT Systems

Part 5 Appendixes

Appendix A Fortezza

How It Works
How Fortezza Crypto Cards Are Certified
Fortezza Keys, Certificates, and Encryption

CRLs and CKLs
Encryption Algorithms

SKIPJACK
SSL Protocol
RC4 Encryption
NULL Encryption

Enabling Fortezza

To Enable Fortezza on Administration Server

Appendix B Introduction to Public-Key Cryptography

Internet Security Issues
Encryption and Decryption

Symmetric-Key Encryption
Public-Key Encryption
Key Length and Encryption Strength

Digital Signatures
Certificates and Authentication

A Certificate Identifies Someone or Something
Authentication Confirms an Identity

Password-Based Authentication
Certificate-Based Authentication

How Certificates Are Used

Types of Certificates
SSL Protocol
Signed and Encrypted Email
Form Signing
Single Sign-On
Object Signing

Contents of a Certificate

Distinguished Names
A Typical Certificate

How CA Certificates Are Used to Establish Trust

CA Hierarchies
Certificate Chains
Verifying a Certificate Chain

Managing Certificates

Issuing Certificates
Certificates and the LDAP Directory
Key Management
Renewing and Revoking Certificates
Registration Authorities

Appendix C Introduction to SSL

The SSL Protocol
Ciphers Used With SSL

Cipher Suites With RSA Key Exchange
Fortezza Cipher Suites

The SSL Handshake

Server Authentication
Man-in-the-Middle Attack
Client Authentication

Glossary

Index