Netscape DIRECTORY SERVER 6.01 - ADMINISTRATOR Administrator's Manual page 374


Introduction to SSL in the Directory Server
Using SSL with simple authentication guarantees confidentiality and data
integrity. The benefits of using a certificate to authenticate to the Directory Server
instead of a bind DN and password include:
• Improved efficiency—When you are using applications that prompt you once
  for your certificate database password, and then use that certificate for all
  subsequent bind or authentication operations, it is more efficient than
  continuously providing a bind DN and password.
• Improved security—The use of certificate-based authentication is more secure
  than non-certificate bind operations. This is because certificate-based
  authentication uses public-key cryptography. As a result, bind credentials
  cannot be intercepted across the network.

Directory Server is capable of simultaneous SSL and non-SSL communications.
This means that you do not have to choose between SSL or non-SSL
communications for your Directory Server; you can use both at the same time.
NOTE
If you are running Directory Server on a UNIX platform, enabling
SSL will also enable support for the StartTLS extended operation.
The StartTLS extended operation provides security on a regular
LDAP connection.

Enabling SSL: Summary of Steps
To use LDAPS, you must do the following:
1. Obtain and install a certificate for your Directory Server, and configure the
   Directory Server to trust the certification authority's certificate.
   For information, see "Obtaining and Installing Server Certificates," on
   page 375.
2. Turn on SSL in your directory.
   For information, see "Activating SSL," on page 379.
3. Configure the Administration Server to connect to an SSL-enabled Directory
   Server.
   For information, see Managing Servers with Netscape Console.
4. Optionally, ensure that each user of the Directory Server obtains and installs a
   personal certificate for all clients that will authenticate with SSL.
   For information, see "Configuring LDAP Clients to Use SSL," on page 384.

Netscape Directory Server Administrator's Guide • January 2002
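
The StartTLS extended operation mentioned on this page starts on a regular, clear-text LDAP connection, unlike LDAPS, where TLS begins with the first byte. The following added example (not from the Netscape manual) builds the StartTLS request and checks the server's answer, so that a client proceeds to the TLS handshake and bind only on success. The OID, tags and result codes come from the LDAP RFCs rather than this page, the function names are hypothetical, and the response bytes are constructed samples.

```python
# Added example (not from the Netscape manual): the StartTLS exchange that
# precedes the TLS handshake on a regular LDAP connection. Standard library only.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS request name per the LDAP RFCs

def tlv(tag, value):
    """BER-encode one element; short-form lengths cover these small messages."""
    if len(value) > 127:
        raise ValueError("long-form BER length not needed here")
    return bytes([tag, len(value)]) + value

def build_starttls_request(message_id=1):
    """LDAPMessage { messageID, [APPLICATION 23] ExtendedRequest { [0] requestName } }."""
    if not 0 < message_id < 128:
        raise ValueError("example supports one-byte message IDs only")
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the short-form element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length > 127 or end > len(buf):
        raise ValueError("long-form or truncated element")
    return tag, buf[pos + 2:end], end

def parse_extended_response(data):
    """Return (message_id, result_code) from an ExtendedResponse LDAPMessage."""
    tag, body, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    id_tag, mid, pos = read_tlv(body, 0)
    op_tag, op, _ = read_tlv(body, pos)      # 0x78 = [APPLICATION 24] ExtendedResponse
    rc_tag, code, _ = read_tlv(op, 0)        # 0x0A = ENUMERATED resultCode
    if (id_tag, op_tag, rc_tag) != (0x02, 0x78, 0x0A):
        raise ValueError("unexpected element in response")
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big")

def safe_to_start_tls(request_id, response):
    """True only if the server answered our request with resultCode success (0).
    On anything else the client must not send a bind DN and password in clear text."""
    try:
        mid, code = parse_extended_response(response)
    except (ValueError, IndexError):
        return False
    return mid == request_id and code == 0

# Constructed sample responses (not captured from a real server).
RESP_SUCCESS = bytes.fromhex("300c02010178070a010004000400")
RESP_PROTOCOL_ERROR = bytes.fromhex("300c02010178070a010204000400")  # resultCode 2
```

A client that treats a failed or malformed StartTLS response as "continue without TLS" would send its simple-bind password unprotected, which is the case `safe_to_start_tls` rejects.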
