Secure Sockets Layer
Use this information to work with Secure Sockets Layer (SSL).
IBM® Security Verify Directory can protect LDAP access by encrypting data with Secure Sockets Layer (SSL) security. When you use SSL to secure LDAP communications with IBM Security Verify Directory, both server authentication and client authentication are supported.
With server authentication, IBM Security Verify Directory must have a digital certificate (based on the X.509 standard). This digital certificate is used to authenticate IBM Security Verify Directory to the client application such as the Directory Management Tool, idsldapsearch, or an application that is built from the application development package, for LDAP access over SSL.
For server authentication, IBM Security Verify Directory supplies the client with the IBM Security Verify Directory X.509 certificate during the initial SSL handshake. If the client validates the server certificate, then a secure, encrypted communication channel is established between IBM Security Directory Server and the client application.
For server authentication to work, IBM Security Verify Directory must have a private key and associated server certificate in the key database file of the server.
Client authentication provides for two-way authentication between the LDAP client and the LDAP server.
With client authentication, the LDAP client must have a digital certificate (based on the X.509 standard). This digital certificate is used to authenticate the LDAP client to IBM Security Verify Directory. See Certificate based client authentication.
To conduct commercial business on the Internet, you might use a widely known certificate authority (CA), such as VeriSign, to get a high assurance server certificate.
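The secure channel described above depends on the client actually validating the server certificate. The following added example (not IBM code, and not part of the original page) uses Python's standard `ssl` module rather than the product's own client libraries or key database format to build a validating LDAP-over-SSL client context and to flag a context that encrypts without authenticating the server. The PEM file paths are hypothetical parameters.

```python
import ssl


def ldaps_client_context(ca_file=None, client_cert=None, client_key=None):
    """Build a client-side context for LDAP over SSL.

    ca_file, client_cert and client_key are hypothetical PEM file paths.
    """
    # Server authentication: require the server's X.509 certificate, validate
    # its chain, and match it against the host name being contacted.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    # Client authentication: present our own certificate and private key
    # when the server requests them during the handshake.
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def unverified_context():
    """The weak setting, for comparison: encryption without authentication."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def server_auth_findings(ctx):
    """Return the reasons why this context would not authenticate the server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not validated")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    return findings


if __name__ == "__main__":
    for name, ctx in (("validating", ldaps_client_context()),
                      ("unverified", unverified_context())):
        print(name, server_auth_findings(ctx) or "server authentication enforced")
```
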