Using the Server Editor to configure SSL on UNIX
In the UNIX Server Editor, you can enable encrypted connections, unencrypted connections, or both.
On the server host computer:
- You can set the unencrypted port and leave the SSL port unset (or set it to 0); in this case, only unencrypted connections are allowed.
- You can set the SSL port and unset the unencrypted port (or set it to 0); in this case, only encrypted connections are allowed.
- You can set both an unencrypted port and an SSL port; in this
case both encrypted and unencrypted connections are allowed. Firewalls
can be configured to allow access to the appropriate ports from other
systems.Note: If the server allows both encrypted and unencrypted connections, clients that use the same interfaces file as the server (including local clients) connect using the unencrypted port. If you want to use SSL to connect on these computers, do not specify an unencrypted port for the server.
On each client computer:
- If you want the client to connect to the server from this computer without using encryption, create an entry that specifies the server host, server name, and unencrypted port.
- If you want the client to connect to the server from this computer
by using encryption, create an entry that specifies the server host,
server name, and SSL port. For this entry, the server name that you
specify must be identical to the common name that is specified
for the server when creating and authorizing a certificate request. Note: If you create entries for both an SSL connection and an unencrypted connection on the same client computer for the same server, use the common name for the SSL entry (as specified when creating a certificate request), and an alternative name for the unencrypted entry.