Configure DSA to Act as an LDAP Client with SSL Encryption

You can set up SSL encryption between third-party LDAP servers and your CA Directory backbone.

CA Directory DSAs operate as SSL clients when they act as LDAP clients to communicate with LDAP servers. This means that the LDAP servers do not need copies of the CA Directory DSA's root or DSA certificates.

To secure the connection with SSL encryption, follow these steps:

  1. Ensure that you have access to a Certificate Authority.
  2. Using your Certificate Authority, produce server certificates for both the LDAP server and the DSA, and sign them with the Certificate Authority's root certificate.
  3. Configure CA Directory and the LDAP server to trust the Certificate Authority by importing the root certificate.
  4. Configure CA Directory and the LDAP server to use the server certificate signed by the Certificate Authority for SSL operations.
  5. Configure CA Directory to connect to the LDAP server by using DXmanager.
  6. Test that everything is working correctly, as follows:
    1. Start the LDAP server.
    2. Start the DSA.
    3. Verify that SSL is in use by running the following command on a DSA console:

        trace x500;

       SSL operations are now prefixed with (SSL).
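
The certificate side of steps 1 to 3 can be rehearsed in a lab with OpenSSL before touching either product. The script below is an added example, not taken from the CA Directory documentation: it creates a throwaway root CA, issues certificates for the LDAP server and the DSA, and checks that both chain to that root while a certificate from an unrelated CA does not. The host names, file names and the helper functions (`make_ca`, `issue_cert`, `chains_to`, `run_lab`) are constructed for illustration; importing the results into CA Directory and the LDAP server is product-specific and is not shown.

```shell
#!/bin/sh
# Added example: lab CA plus certificates for the LDAP server and the DSA.
# Host names, file names and key sizes are constructed for illustration.

make_ca() {      # $1 = directory, $2 = CA common name
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

issue_cert() {   # $1 = CA directory, $2 = file stem, $3 = host name
    # The SAN carries the host name that TLS clients commonly match against.
    printf 'subjectAltName=DNS:%s\n' "$3" > "$1/$2.ext" &&
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 30 -extfile "$1/$2.ext" \
        -out "$1/$2.pem" 2>/dev/null
}

chains_to() {    # $1 = root certificate to trust, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

run_lab() {      # $1 = scratch directory; returns 0 when all checks hold
    make_ca "$1/ca" "Lab Root CA" &&
    issue_cert "$1/ca" ldap ldap.lab.example &&
    issue_cert "$1/ca" dsa dsa.lab.example &&
    # Both certificates must verify against the root that each side imports.
    chains_to "$1/ca/ca.pem" "$1/ca/ldap.pem" &&
    chains_to "$1/ca/ca.pem" "$1/ca/dsa.pem" &&
    # A certificate from any other CA must be rejected by that trust store.
    make_ca "$1/other" "Unrelated CA" &&
    issue_cert "$1/other" rogue ldap.lab.example &&
    ! chains_to "$1/ca/ca.pem" "$1/other/rogue.pem"
}

LAB_DIR=$(mktemp -d)
if run_lab "$LAB_DIR"; then
    echo "both certificates chain to the lab root; foreign certificate rejected"
else
    echo "certificate checks failed" >&2
fi
```

Only `ca.pem` is the file each side imports as a trusted root; `ca.key` and the per-host `.key` files are private keys and stay with their owners.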