Sun Java System Access Manager 7 2005Q4 Administration Guide

Configuring Access Manager to Directory Server in SSL Mode

To provide secure communications over the network, Access Manager includes the LDAPS communications protocol. LDAPS is the standard LDAP protocol, but it runs on top of the Secure Sockets Layer (SSL). In order to enable SSL communication, you must first configure the Directory Server in SSL mode and then connect Access Manager to Directory Server. The basic steps are as follows:

  1. Obtain and install a certificate for your Directory Server, and configure the Directory Server to trust the certification authority’s (CA) certificate.

  2. Turn on SSL in your directory.

  3. Configure the authentication, policy and platform services to connect to an SSL-enabled Directory Server.

  4. Configure Access Manager to securely connect to the Directory Server backend.

Configuring Directory Server in SSL Mode

In order to configure the Directory Server in SSL mode, you must obtain and install a server certificate, configure the Directory Server to trust the CA’s certificate and enable SSL. Detailed instructions on how to complete these tasks are included in Chapter 11, “Managing Authentication and Encryption” in the Directory Server Administration Guide. This document can be found in the following location:

http://docs.sun.com/coll/DirectoryServer_04q2

If your Directory Server is already SSL-enabled, go to the next section for details on connecting Access Manager to Directory Server.

Connecting Access Manager to the SSL-enabled Directory Server

Once the Directory Server has been configured for SSL mode, you need to securely connect Access Manager to the Directory Server backend.

Procedure: To Connect Access Manager to Directory Server

  1. In the Access Manager Console, go to the LDAP Authentication service in the Service Configuration module.

    1. Change the Directory Server port to the SSL port.

    2. Select the Enable SSL Access to LDAP Server attribute.

  2. Go to the Membership Authentication service in the Service Configuration module.

    1. Change the Directory Server port to the SSL port.

    2. Select the Enable SSL Access to LDAP Server attribute.

  3. Go to the Policy Configuration service located in Service Configuration.

    1. Change the Directory Server port to the SSL port.

    2. Select the Enable LDAP SSL attribute.

  4. Open the serverconfig.xml in a text editor. The file is in the following location:

    /etc/opt/SUNWam/config

    1. In the <Server> element, change the following values:

      port: enter the number of the Directory Server's secure port that Access Manager connects to (636 is the default).

      type: change SIMPLE to SSL.

    2. Save and close serverconfig.xml.

  5. Open the AMConfig.properties file from the following default location:

    /etc/opt/SUNWam/config

    Change the following properties:

    1. com.iplanet.am.directory.port = 636 (if using the default)

    2. ssl.enabled = true

    3. Save AMConfig.properties.

  6. Restart the server.
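Steps 4 and 5 are the two files that decide whether Access Manager talks to Directory Server in the clear. The following Python audit is an added example, not part of this guide or of Access Manager: it reads a serverconfig.xml and an AMConfig.properties and reports any Server element or property still set for plaintext LDAP. The sample files are constructed; the element layout around Server and the full property key names (com.iplanet.am.directory.port, com.iplanet.am.directory.ssl.enabled) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples, not copied from an installation. Only the port and type
# attributes of <Server> are relied on; the surrounding layout is assumed.
SERVERCONFIG_PLAIN = """<iPlanetDataAccessLayer>
  <ServerGroup name="default" minConnPool="1" maxConnPool="10">
    <Server name="Server1" host="ds.example.com" port="389" type="SIMPLE"/>
  </ServerGroup>
</iPlanetDataAccessLayer>"""
SERVERCONFIG_SSL = SERVERCONFIG_PLAIN.replace('port="389" type="SIMPLE"', 'port="636" type="SSL"')
AMCONFIG_PLAIN = """com.iplanet.am.directory.host=ds.example.com
com.iplanet.am.directory.port=389
com.iplanet.am.directory.ssl.enabled=false
"""
AMCONFIG_SSL = AMCONFIG_PLAIN.replace("port=389", "port=636").replace("enabled=false", "enabled=true")


def parse_properties(text):
    """Minimal Java .properties reader: key=value, '#' and '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def audit_serverconfig(xml_text):
    """Flag every <Server> element not set to SSL or still on the plain LDAP port."""
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):
        name = server.get("name", "?")
        if server.get("type", "SIMPLE").upper() != "SSL":
            findings.append(f"serverconfig.xml {name}: type is not SSL")
        if server.get("port") == "389":
            findings.append(f"serverconfig.xml {name}: port 389 is the plaintext LDAP port")
    return findings


def audit_amconfig(props_text):
    """Flag AMConfig.properties settings that leave the directory connection unencrypted."""
    props, findings = parse_properties(props_text), []
    if props.get("com.iplanet.am.directory.ssl.enabled", "false").lower() != "true":
        findings.append("AMConfig.properties: directory ssl.enabled is not true")
    if props.get("com.iplanet.am.directory.port") == "389":
        findings.append("AMConfig.properties: directory port 389 is the plaintext LDAP port")
    return findings


def audit(xml_text, props_text):
    """Combined report; an empty list means both files are set for LDAPS."""
    return audit_serverconfig(xml_text) + audit_amconfig(props_text)
```

Running audit() on the real files after step 5 should return an empty list; any finding means one of the two files was missed and the restart in step 6 will bring Access Manager up on plaintext LDAP.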