You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Configure a secure port between Directory Proxy Server and the back-end LDAP server.
$ dpconf set-ldap-data-source-prop -h host -p port data-source-name \ ldaps-port:port-number
Configure when SSL is used for connections between Directory Proxy Server and the back-end LDAP server.
$ dpconf set-ldap-data-source-prop -h host -p port data-source-name ssl-policy:value
If value is always, SSL is always used for connections.
If value is client, SSL is used if the client is using SSL.
If the connection is not using SSL, you can promote the connection to SSL by using the startTLS command.
Transport Layer Security (TLS) is the standard version of SSL. TLS over LDAP is the IETF approved standard way of securing LDAP. LDAPS is a de facto standard but leads to some complexity such as having two ports instead of only one port for the service.
Choose the protocols and ciphers for SSL as described in Choosing SSL Ciphers and SSL Protocols for Directory Proxy Server.
Configure Directory Proxy Server to validate an SSL server certificate from the back-end LDAP server.
If the back-end LDAP server requests a certificate from Directory Proxy Server, configure Directory Proxy Server to send an SSL client certificate.
For information, see Exporting a Certificate to a Back-End LDAP Server.
Restart the instance of Directory Proxy Server for the changes to take effect.
For information about restarting Directory Proxy Server, see To Restart Directory Proxy Server.