Enabling SSL and Transport Layer Security on the Directory Server
Use this information to enable SSL and Transport Layer Security on the Directory Server.
If you have Digital Certificate Manager installed on your system, you can use Secure Sockets Layer (SSL) security to protect access to your Directory Server. Before enabling SSL on the directory server, you might find it helpful to read the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) with the Directory Server topic.
To enable SSL on your LDAP server, do the following:
After SSL is enabled, you can change the port that your Directory Server instance uses for secured connections from .
- In , expand .
- Right-click IBM Tivoli Directory Server for IBM i and select Manage Instances.
- Right-click your Directory Server instance and select Properties.
- On the Network tab, specify
the port number that you want to make secure.
Notice that the Secure check box is checked. This indicates that an application can start an SSL or TLS connection over the secure port. It also indicates that an application can issue a StartTLS operation to allow a TLS connection over a port that is not secure. Alternatively, you can start TLS by using the -Y option from a client command-line utility. If you are using the command line, the ibm-slapdSecurity attribute must be equal to TLS or SSLTLS.