Managing Electra X CA Certificates

© 2017 Harmonic. All rights Reserved.

 Table of Contents
Managing Electra X CA Certificates for Active Directory and LDAPS ............................. 1

Creating the CA Certificate .......................................................................................... 1

On the Windows AD server ...................................................................................... 1

Installing the Certificate ............................................................................................... 2

Enabling LDAPS from NMX ......................................................................................... 2

iii
Managing Electra X CA Certificates for Active
Directory and LDAPS
LDAPS can encrypt and secure communication between your Electra X device and the
Network Directory or Domain Controller within your infrastructure. Before you enable
LDAPS, you must create and upload a Certificate Authority (CA) security certificate file
to your Electra X device.

Windows clients can upload and download content on an Electra X using standard
Windows file sharing methods, where the Electra X authenticates the Windows client
(the user) against the Windows Active Directory (AD) server. Electra X performs the
authentication using the LDAPS protocol, so that the user's identity information is
securely passed on the network to the Windows AD server. LDAPS encrypts the
information and protects it.

To use LDAPS with Electra X, you need to upload a certificate file issued by a
Certificate Authority. The Windows AD server can act as the Certificate Authority and
generate the file, which serves the function of a public RSA certificate, just as the public
SSH key does. The certificate file contains sensitive data and should be protected
accordingly.

Creating the CA Certificate

Your IT department can generate the CA certificate as part of their responsibilities for
the AD.

On the Windows AD server

1. Install the Windows AD Domain Services.
2. Add the Electra X device to the Windows AD domain.
The computer name must match the hostname of Electra X.
3. Install the Windows AD Certificate Services.
When configuring the service, accept the default Common Name (CN) of the
Certificate Authority chosen by the Microsoft Wizard.
4. Create a certificate that supports Server Authentication.
See https://technet.microsoft.com/en-us/library/cc754478.aspx for more
information.
5. Using the Administrator account on the AD server, run the following command
from the Windows command line to export the certificate:
certutil -ca.cert my_certificate.cer

1
Managing Electra X CA Cerficates

This is the certificate file required by Electra X. This file contains sensitive
security data and should be protected. See
https://support.microsoft.com/en-us/kb/555252 for more information.
6. Copy the certificate file to Electra X using a secure protocol such as SSH or
SCP.

Installing the Certificate

1. Login to the Electra X console.
2. Convert the uploaded certificate file into PEM format:
% openssl x509 -inform der -in /path/to/uploaded/my_certificate.cer -out
/usr/ssl/certs/my_certificate.pem
% wb /usr/ssl/certs/my_certificate.pem
3. Ensure that the certificate is located in the appropriate directory.
4. Ensure that NMX configures the certificate file name correctly.

Enabling LDAPS from NMX

1. From NMX Options > External Servers > Electra X LDAP Settings, select the
LDAPS check box.
2. Enter the name of the uploaded certificate file in the Certificate File Name field.
3. Click OK.

2
Managing CA Certificates