Using SSL for Remote Server Administration
You can control the level of security of communications between Server Admin and
remote servers by choosing Server Admin > Preferences.
By default, Server Admin treats communications with remote servers as encrypted
using SSL. This uses a self-signed 128-bit certicate installed in /etc/servermgrd/ssl.crt
when you install the server. Communications use HTTPS (port 311). If this option isn’t
possible, HTTP (port 687) is used and clear text is sent between Server Admin and the
remote server.
If you want a greater level of security, also select “Require valid digital signature (SSL).”
By default, “Require valid digital signature (SSL)” is disabled. This option uses an SSL
certicate installed on a remote server to ensure that the remote server is a valid
server.
Before enabling this option, use the instructions in “Requesting a Certicate from a
Certicate Authority” on page 65 for generating a CSR, obtaining an SSL certicate
from an issuing authority, and installing the certicate on each remote server.
Instead of placing les in /etc/httpd/, place them in /etc/servermgrd/. You can also
generate a self-signed certicate and install it on the remote server.
You can use Server Admin to set up and manage self-signed or -issued SSL certicates
used by mail, web, Open Directory, and other services that support them.
“Certicate Manager in Server Admin” on page 62 provides instructions for using
Server Admin to create, organize, and use security certicates for SSL-enabled services.
Individual service administration guides describe how to congure specic services to
use SSL.
If you’re interested in higher levels of SSL authentication, see the information at
www.modssl.org.
Managing Sharing
To work with share points and access control lists, click the File Sharing icon in the
Server Admin toolbar. Learn more in the online help and Mac OS X Server Resources
website at www.apple.com/server/macosx/resources/.
148 Chapter 7 Ongoing System Management
