Netscape DIRECTORY SERVER 6.02 - ADMINISTRATOR Administrator's Manual page 382

Activating SSL
To activate SSL communications:
Set the secure port you want the server to use for SSL communications. See
1.
"Changing Directory Server Port Numbers," on page 33 for information.
The encrypted port number that you specify must not be the same port number
you use for normal LDAP communications. By default, the standard port
number is 389 and the secure port is 636.
On the Directory Server Console, select the Configuration tab and then select
2.
the topmost entry in the navigation tree in the left pane.
Select the Encryption tab in the right pane.
3.
The tab displays the current server encryption settings.
Indicate that you want encryption enabled by selecting the "Enable SSL for this
4.
Server" checkbox.
Check the "Use this Cipher Family" checkbox.
5.
Select the certificate that you want to use from the drop-down menu.
6.
Click Cipher Settings .
7.
The Cipher Preference dialog box is displayed.
Select the checkbox next to the cipher you want to use, and click OK to dismiss
8.
the Cipher Preference dialog box.
For more information about specific ciphers, see "Setting Security
Preferences," on page 383.
Set your preferences for client authentication.
9.
Do not allow client authentication. With this option, the server will ignore the
client's certificate. This does not mean that the bind will fail.
Allow client authentication. This is the default setting. With this option,
authentication is performed on the client's request. For more information about
certificate-based authentication, see ""Using Certificate-Based
Authentication," on page 385.
Require client authentication. With this option, the server requests
authentication from the client.
NOTE
382 Netscape Directory Server Administrator's Guide • May 2002
If you are using certificate-based authentication with replication,
then you must configure the consumer server to either allow or
require client authentication.