Secure Sockets Layer

Use this information to work with Secure Sockets Layer (SSL) in Directory Server.

Directory Server can protect LDAP access by encrypting data with Secure Sockets Layer (SSL) security. When you use SSL to secure LDAP communications with Directory Server, both server authentication and client authentication are supported.

With server authentication, Directory Server must have a digital certificate (based on the X.509 standard). This certificate authenticates Directory Server to the client application, such as the Directory Management Tool, idsldapsearch, or an application built with the application development package, for LDAP access over SSL.

For server authentication, Directory Server supplies the client with the Directory Server X.509 certificate during the initial SSL handshake. If the client validates the server certificate, then a secure, encrypted communication channel is established between Directory Server and the client application.

For server authentication to work, Directory Server must have a private key and associated server certificate in the key database file of the server.

Client authentication provides two-way (mutual) authentication between the LDAP client and the LDAP server.

With client authentication, the LDAP client must have a digital certificate (based on the X.509 standard). This digital certificate is used to authenticate the LDAP client to the Directory Server. See Client authentication.
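As an added example that is not part of this documentation or of Directory Server itself: a Python client-side TLS configuration for LDAP over SSL that enforces the server certificate validation described above and optionally presents the client's own X.509 certificate for client authentication. The port (636), the CA bundle and the certificate file paths are assumptions; substitute the values from your own key database export.

```python
import socket
import ssl

LDAPS_PORT = 636  # assumption: LDAP over SSL on the standard port


def ldaps_client_context(ca_file=None, client_cert=None, client_key=None):
    """Build a TLS client context for connecting to Directory Server over SSL.

    ca_file: PEM bundle holding the CA that issued the server certificate
             (None falls back to the operating system trust store).
    client_cert / client_key: the client's certificate and private key,
             supplied only when the server requires client authentication.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Server authentication: the server certificate must chain to a trusted
    # CA and its name must match the host we asked for.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    else:
        ctx.load_default_certs()
    # Client authentication: present our own certificate during the handshake.
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def audit_context(ctx):
    """Return a list of findings for settings that would let a client accept
    an unauthenticated server (the mistake that defeats server authentication)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("server host name is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings


def connect_ldaps(host, ctx, port=LDAPS_PORT):
    """Perform the SSL handshake with Directory Server and return the subject
    of the validated server certificate; raises ssl.SSLError on a failed check."""
    raw = socket.create_connection((host, port), timeout=10)
    with ctx.wrap_socket(raw, server_hostname=host) as tls:
        return tls.getpeercert().get("subject")
```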

To conduct commercial business on the Internet, you might use a widely known certificate authority (CA), such as VeriSign, to get a high assurance server certificate.