Table of Contents
Advertisement
Enabling SSL Only in the Directory Server:
Obtain and install CA and server certificates.
1.
Set the secure port you want the server to use for SSL communications.
2.
The encrypted port number that you specify must not be the same port number
you use for normal LDAP communications. By default, the standard port
number is
, and the secure port is
389
, change to a port number above
root
Change the secure port number in the Configuration>Settings tab of the
a.
Directory Server Console. Save.
Restart the Directory Server. It will restart still with the regular port.
b.
In the Directory Server Console, select the Configuration tab, and then select
3.
the topmost entry in the navigation tree in the left pane. Select the Encryption
tab in the right pane.
Select the "Enable SSL for this Server" checkbox.
4.
Check the "Use this Cipher Family" checkbox.
5.
Select the certificate that you want to use from the drop-down menu.
6.
Click Cipher Settings.
7.
The Cipher Preference dialog box is displayed. By default, all ciphers are
selected.
Set your preferences for client authentication.
8.
Do not allow client authentication — With this option, the server will
H
ignore the client's certificate. This does not mean that the bind will fail.
Allow client authentication — This is the default setting. With this option,
H
authentication is performed on the client's request. For more information
about certificate-based authentication, see "Using Certificate-Based
Authentication," on page 435.
Require client authentication — With this option, the server requests
H
authentication from the client.
If you are only enabling SSL in the Directory Server, do not select "Require
client authentication" checkbox.
Starting the Server with SSL Enabled
. if you did not install the server as
636
:
1024
Chapter 11
Managing SSL and SASL
429
Advertisement
Table of Contents
Troubleshooting
