Netscape DIRECTORY SERVER 6.2 - ADMINISTRATOR Administrator's Manual page 404

Activating SSL
Before you can activate SSL, you must create a certificate database, obtain and
install a server certificate and trust the CA's certificate as described in "Obtaining
and Installing Server Certificates" on page 399.
NOTE
To activate SSL communications:
Set the secure port you want the server to use for SSL communications. See
1.
"Changing Directory Server Port Numbers" on page 37 for information.
The encrypted port number that you specify must not be the same port number
you use for normal LDAP communications. By default, the standard port
number is 389 and the secure port is 636.
In the Directory Server Console, select the Configuration tab and then select
2.
the topmost entry in the navigation tree in the left pane.
Select the Encryption tab in the right pane.
3.
The tab displays the current server encryption settings.
Indicate that you want encryption enabled by selecting the "Enable SSL for this
4.
Server" checkbox.
Check the "Use this Cipher Family" checkbox.
5.
Select the certificate that you want to use from the drop-down menu.
6.
Click Cipher Settings.
7.
The Cipher Preference dialog box is displayed.
Select the checkbox next to the cipher you want to use, and click OK to save
8.
your changes.
For more information about specific ciphers, see "Setting Security Preferences"
on page 406.
404 Netscape Directory Server Administrator's Guide • December 2003
On SSL-enabled servers, be sure to check the file permissions on
certificate-database files, key-databases files, and PIN files to
protect the sensitive information they contain. Because the server
does not enforce read-only permissions on these files, check the
file modes (on UNIX) to protect the sensitive information
contained in these files.