1/10

Contents

Title and Copyright Information

Preface

• Audience
• Related Documents
• Documentation Accessibility

1 Calendar Server Security Overview

• Basic Security Considerations
• Understanding the Calendar Server Environment
• Overview of Calendar Server Security
• Recommended Deployment Topologies
• Operating System Security
  • Firewall Port Configuration
• Database Security
• Secure Communications
• LDAP Security

2 Performing a Secure Calendar Server Installation

• Installing Infrastructure Components Securely
• Credentials Needed to Install Calendar Server Components
• Post-Installation Configuration

3 Implementing Calendar Server Security

• About System Security in Calendar Server
• Configuring HTTPS on Front-End GlassFish Server Hosts
  • Installing an Official Certificate
  • Setting SSL Default Port to 443
  • Changing the URL Prefix When Reconfiguring for SSL
• Disabling SSLv3 on Front-End GlassFish Server Hosts
• Disabling HTTP on Front-End GlassFish Server Hosts
• Enabling LDAP SSL in Calendar Server
• Enabling Secure Notification Mail Submission
• Configuring and Using Authentication
• Configuring Calendar Server Proxy Authentication
• Configuring and Using Access Control
• Adding LDAP Access Control for Calendar Server Features
• Configuring SSL for the Database Back End and Document Store
  • Configuring SSL for MySQL Server
  • Configuring SSL for the Oracle Database
    • Installing the Database Server Certificate
    • Enabling the TCP/IP SSL Listener in Oracle Net Services
    • Completing Installation and Modifying JDBC Connection Pool Settings
  • Configuring SSL for the Remote Document Store
    • Creating an SSL Certificate
    • Creating or Updating the SSL Keystore on the Document Store Server Host
    • Making SSL Configuration Changes on the Document Store
    • Installing a Certificate on the Calendar Server Host
    • Configuring Calendar Server to Use SSL for the Document Store
• Making Calendar Server and GlassFish Server Secure
  • Preventing Denial of Service Attacks on GlassFish Server
  • Configuring JMX Port for GlassFish Server to Use SSL
• Detecting Possible Security Issues

4 Managing Domain Access Controls

• Domain ACLs Overview
• Authenticated Access
  • icsDomainNames Attribute Overview
  • icsDomainAcl Attribute Overview
• Authenticated Access Examples
• Anonymous Access Overview

5 Creating, Exporting, and Importing SSL Certificates

• Overview of Self-Signed and Certificate Authority Certificates
• Creating a Self-Signed Certificate
• Installing the Self-Signed Certificate on the Client
• Creating a CA-Signed Certificate Request
• Importing a CA-Signed Certificate

6 Configuring Client Authentication

• Overview of Setting Up Certificate Authentication
• Setting Up Your Certificate Authority (CA)
  • Enabling SSL and Client Authentication for a Listener
  • Generating a Certificate Request and Import into GlassFish Server
  • Creating an SSL Client
  • Configuring Calendar Server
  • Testing Certificate Authentication
  • Installing the Client Certificate in Connector for Microsoft Outlook

7 Configuring GlassFish Server to Use a CA-Signed Certificate