Using Certificate-Based Authentication - Netscape DIRECTORY SERVER 6.2 - ADMINISTRATOR Administrator's Manual

In the Directory Server Console, select the Configuration tab and then select
2.
the topmost entry in the navigation tree in the left pane.
Select the Encryption tab in the right pane.
3.
This displays the current server encryption settings.
Click Cipher Settings.
4.
The Cipher Preference dialog box is displayed.
In theCipher Preference dialog box, specify which ciphers you want your
5.
server to use by selecting them from the list, and click OK.
Unless you have a security reason to not use a specific cipher, you should select
all of the ciphers, except for
In the Encryption tab, click Save.
6.
CAUTION
In order to continue using the Netscape Console with SSL, you must select at
least one of the following ciphers:
• RC4 cipher with 40-bit encryption and MD5 message authentication.
• No encryption, only MD5 message authentication.
• DES with 56-bit encryption and SHA message authentication.
• RC4 cipher with 128-bit encryption and MD5 message authentication.
• Triple DES with 168-bit encryption and SHA message authentication.

Using Certificate-Based Authentication

Directory Server allows you to use certificate-based authentication for the
command-line tools (which are LDAP clients) and for replication
communications. Certificate-based authentication can occur between:
• An LDAP client connecting to the Directory Server
• A Directory Server connecting to another Directory Server (replication or
chaining)
none,MD5
Avoid selecting the
none,MD5
option if no other ciphers are available on the client. It is not secure
because encryption doesn't occur.
Using Certificate-Based Authentication
.
cipher because the server will use this
Chapter 11 Managing SSL 407