Introduction to SSL in the Directory Server
Using SSL with simple authentication ensures confidentiality and data integrity.
The benefits of using a certificate to authenticate to the Directory Server, instead
of a bind DN and password, include:
• Improved efficiency—When you are using applications that prompt you once
  for your certificate database password, and then use that certificate for all
  subsequent bind or authentication operations, it is more efficient than
  continuously providing a bind DN and password.
• Improved security—The use of certificate-based authentication is more secure
  than non-certificate bind operations. This is because certificate-based
  authentication uses public-key cryptography. As a result, bind credentials
  cannot be intercepted across the network.
The Directory Server is capable of simultaneous SSL and non-SSL
communications. This means that you do not have to choose between SSL or
non-SSL communications for your Directory Server; you can use both at the
same time.
Enabling SSL: Summary of Steps
To configure your Directory Server to use LDAPS, follow these steps:
1. Obtain and install a certificate for your Directory Server, and configure the
   Directory Server to trust the certification authority's (CA's) certificate.
   For information, see "Obtaining and Installing Server Certificates" on
   page 399.
2. Turn on SSL in your directory.
   For information, see "Activating SSL" on page 403.
3. Configure the Administration Server to connect to an SSL-enabled
   Directory Server.
   For information, see Managing Servers with Netscape Console.
Netscape Directory Server Administrator's Guide • December 2003
NOTE: If you are running Directory Server on a UNIX platform,
enabling SSL will also enable support for the StartTLS extended
operation. The StartTLS extended operation provides security on
a regular LDAP connection.