Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Building a Robust Linux Security Solution: Page 8 of 15

The U.S.-based OpenLDAP project (
) provides an implementation of LDAP, often used by the RA to store certificates, which can then be queried by PKI subjects. The OpenLDAP distribution includes an LDAP server (primary and replicated), as well as a set of sample clients and a number of administration tools.

Let’s return to the extranet access problem. Your business partner has requested a certificate from your RA, and your CA has approved the request. Your partner can now present this certificate to your secure Web site and use strong authentication to access the extranet services that you offer on your DMZ. This is a straightforward solution, using proven technology (HTTP servers, CGI scripts, and Perl modules) and standards-based protocols (X.509, SSL, and LDAP).

The OpenCA and OpenRA modules can be obtained from
. The OpenLDAP server is available from
. The Apache and OpenSSL software can be downloaded from
, respectively.


Developed under the auspices of the IETF, the IPSec standards (RFC 2401) have slowly emerged as the most popular protocols for ensuring the privacy and integrity of data traversing VPNs. Using IPSec’s Encapsulated Security Payload (ESP) at the security gateways, corporations large and small can use the Internet to transfer private data inside encapsulated and encrypted packets, whose source and destination addresses are always those of the security gateways.