Enabling SSL/TLS Support

The following high-level steps are required to enable SSL/TLS support for LDAP. These steps assume you have already installed and configured the LDAP server.

  1. Generate the LDAP server private key and server certificate. Then either mark the certificate as the default in the key database or specify its label on the sslCertificate option in the LDAP server configuration file.
  2. Configure the LDAP server with the security options you want for SSL/TLS secure communications (see Setting up the Security Options for the LDAP Server). This involves:
    • Defining the acceptable SSL and TLS protocol levels.
    • Defining the acceptable cipher specifications.
    • Defining the secure sockets and bimodal sockets the server uses to listen for inbound client requests.
    • Defining the type of authentication wanted.
    • Defining the server certificate to be used, and where it is located.
  3. Restart the LDAP server.
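
After the restart, a client-side handshake can confirm that the secure socket is listening, that the server certificate validates, and that the negotiated protocol level and cipher match what you configured. The following is an added example, not part of the original documentation or the LDAP server product; the port 636, the host name, the CA file name and the policy thresholds are assumptions to adjust for your installation.

```python
import socket
import ssl
import time

# Assumed policy for illustration: align these with the protocol levels and
# cipher specifications you configured on the server.
ACCEPTED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
MIN_CIPHER_BITS = 128
MIN_DAYS_LEFT = 30


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Handshake with the server's secure socket and return what was negotiated.

    create_default_context() validates the certificate chain and host name, so
    an untrusted or mismatched server certificate raises ssl.SSLError here.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _, bits = tls.cipher()
            return {"version": tls.version(), "cipher": name, "bits": bits,
                    "not_after": tls.getpeercert()["notAfter"]}


def evaluate(result, now=None):
    """Return a list of policy findings; an empty list means the check passed."""
    now = time.time() if now is None else now
    findings = []
    if result["version"] not in ACCEPTED_VERSIONS:
        findings.append(f"protocol {result['version']} is not an accepted level")
    if result["bits"] < MIN_CIPHER_BITS:
        findings.append(f"cipher {result['cipher']} offers only {result['bits']} bits")
    days_left = (ssl.cert_time_to_seconds(result["not_after"]) - now) / 86400
    if days_left < MIN_DAYS_LEFT:
        findings.append(f"server certificate expires in {int(days_left)} days")
    return findings


if __name__ == "__main__":
    # ldap.example.com is a placeholder host; ca.pem is a placeholder CA bundle.
    for finding in evaluate(probe_ldaps("ldap.example.com", cafile="ca.pem")) or ["OK"]:
        print(finding)
```

A passing result shows only what this client negotiated; it does not prove that the server refuses lower protocol levels or weaker ciphers offered by other clients.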