SSL certificate overview

You can use SSL with either a self-signed certificate or with a certificate that is signed by a certificate authority.

Using a self-signed certificate is the simplest method for using SSL, but it does create a small security risk: the SSL client has no way of validating the identity of the SSL server for the first connection that is attempted between the client and server. A third party can impersonate the server and intercept data that moves between the management module and the web browser. If, at the time of the initial connection between the browser and the management module, the self-signed certificate is imported into the certificate store of the browser, all future communications is secure for that browser (assuming that the initial connection was not compromised by an attack).

For more complete security, you can use a certificate that is signed by a certificate authority. To obtain a signed certificate, use the SSL Certificate Management page to generate a certificate-signing request. You must then send the certificate-signing request to a certificate authority and make arrangements to procure a certificate. When the certificate is received, it is then imported into the management module through the Import a Signed Certificate link, and you can enable SSL.

The function of the certificate authority is to verify the identity of the management module. A certificate contains digital signatures for the certificate authority and the management module. If a well-known certificate authority issues the certificate or if the certificate of the certificate authority has already been imported into the web browser, the browser can validate the certificate and positively identify the management-module web server.

The management module requires a certificate for the secure web server and one for the secure LDAP client. Also, the secure LDAP client requires one or more trusted certificates. The trusted certificate is used by the secure LDAP client to positively identify the LDAP server. The trusted certificate is the certificate of the certificate authority that signed the certificate of the LDAP server. If the LDAP server uses self-signed certificates, the trusted certificate can be the certificate of the LDAP server itself. Additional trusted certificates can be imported if more than one LDAP server is used in your configuration.