Replication Over Ssl - Netscape DIRECTORY SERVER 6.2 - ADMINISTRATOR Administrator's Manual

Replication Over SSL

If you want the update operation to occur over an SSL connection, you must
modify the
and values. For more information on the
"Managing Entries From the Command Line" on page 55 and Netscape Directory
Server Configuration, Command, and File Reference.
Replication Over SSL
You can configure Directory Servers involved in replication so that all replication
operations occur over an SSL connection.
To use replication over SSL, you must first do the following:
• Configure both your supplier and consumer servers to use SSL.
• Configure your consumer server to recognize your supplier server's certificate
as the supplier DN. You do this only if you want to use SSL client
authentication rather than simple authentication.
These procedures are described in Chapter 11, "Managing SSL."
NOTE
When your servers are configured to use SSL, you can ensure replication
operations occur over SSL connections by using the Replication Wizard, which
enables you to set up a replication agreement between two Directory Servers. Keep
in mind that once you create a replication agreement, you cannot change the
connection type (SSL or nonSSL) defined in the agreement; this is because LDAP
and LDAPS connections use different ports. To change the connection type, you
must re-create the replication agreement.
334 Netscape Directory Server Administrator's Guide • December 2003
command in the script with the appropriate parameters
ldapmodify
Replication configured over SSL with certificate-based
authentication will fail in the following cases:
• If the supplier's certificate is a self-signed certificate.
• If the supplier's certificate is only capable of behaving as an SSL
server certificate, that is, unable to play the role of the client
during an SSL handshake.
command, refer to
ldapmodify