Configuring Replication Over Ssl Using The Replication Wizard - Netscape DIRECTORY SERVER 6.01 - ADMINISTRATOR Administrator's Manual

NOTE Replication over SSL will fail in the following cases:
• If the supplier's certificate is a self-signed certificate
• If the supplier's certificate is an SSL server-only certificate, that
is it can't act as a client during an SSL handshake.
When your servers are configured to use SSL, you can ensure replication
operations occur over SSL connections by using the:
• Replication Wizard, when you set up the replication agreement between two
Directory Servers.
• Directory Server Console, at any time after the initial replication agreement
was configured.
Configuring Replication Over SSL Using the
Replication Wizard
On the Directory Server Console of the supplier server, click the Configuration
1.
tab, expand the Replication folder and select the database that you want to
replicate.
Right-click the database, and choose New Replication Agreement from the
2.
drop-down menu.
The Replication Agreement Wizard is displayed.
Go through each step in the Replication Agreement Wizard until you reach the
3.
Source and Destination window.
In the Connection section, check "Using Encrypted SSL Connnection".
4.
Select "SSL Client Authentication" or "Simple Authentication.
5.
If you select SSL Client Authentication, the supplier and consumer servers will
use certificates to authenticate to each other.
If you select Simple Authentication, the supplier and consumer servers will use
a bind DN and password to authenticate to each other. You must specify this
information in the text fields provided. When you specify this option, simple
authentication takes place over a secure channel but without certificates.
Click Next, and proceed with the replication setup.
6.
Replication over SSL
Chapter 8 Managing Replication 315