Content Classification Service Integration Guide › CCS Deployment › Configure Security for the Classification Cache › Enforce Secure Communication

Enforce Secure Communication

You enforce secure communications with the classification cache by editing the DSA configuration file. You can then set up SSL-based connections to the cache.

To enforce SSL

1. Edit the DSA configuration file.

   This file is the custom configuration file, <DSA Name>.dxc, that you created in the previous section. Find this file in %DXHOME%/config/settings.

   <DSA_Name>

   Is the name of the Classification Cache DSA. It defaults to ccscache.

   %DXHOME%

   Is a Windows environment variable that specifies the path to the CA Directory installation folder. In a typical installation, this variable is set to:

   C:\Program Files\CA\Directory\dxserver

2. Make one of the following changes to your DSA configuration file:
   • To enforce SSL with anonymous binds, add this line to your DSA configuration file:

     set force-encrypt-anon = true;
     

   • To enforce SSL with authenticated binds, add this line your DSA configuration file:

     set force-encrypt-auth = true;
     

   • To enforce username/password authentication and deny anonymous binds, add this line your DSA configuration file:

     set min-auth = clear-password;
     

     Note: If you use clear-password, you must also enforce SSL to prevent clear-text passwords being sent over the network.

3. Set up SSL connections to the classification cache.

   You set up SSL connections after installing your CCS servers. For details, see Use an SSL Secured Cache.

Note: CA Directory security is covered in chapter 9 of the CA Directory Administration Guide.