The Secure Sockets Layer (SSL) provides encrypted communications between a client and Directory Proxy Server. By using SSL with authentication, data sent to and from Directory Proxy Server can be encrypted.
When an instance of Directory Proxy Server is created, SSL is enabled by default and the following directories and files are created:
The password is stored in instance-path/etc/pass.txt
The keystore database is located in instance-path/alias/cert.jks
The keystore database is located in instance-path/alias/key.jceks
The keystore databases are protected by the same password.
For more information about SSL, see Secure Sockets Layer (SSL). For information about how to configure SSL between clients and Directory Proxy Server, see Configuring Listeners Between Clients and Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide.
Directory Proxy Server supports the StartTLS extended operation. StartTLS can be used to provide security over a regular LDAP connection. With StartTLS, clients can bind to a non-secure port and then use the TLS protocol to initiate a secure connection.
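The StartTLS exchange described above, at the wire level, as an added example that is not from the original page or from Directory Proxy Server: it encodes the extended request and accepts the server's reply only when the result code is success, so a client closes the connection instead of continuing in clear text after a refusal. The function names and the sample response bytes are constructed for illustration; the message layout follows RFC 4511.

```python
# Added illustration: LDAP StartTLS request/response per RFC 4511 (BER, definite length).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # OID of the StartTLS extended operation

def tlv(tag, value):
    """Encode one BER element (short or long length form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos=0):
    """Decode one element at pos; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    n = first
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        count = first & 0x7F
        n = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def starttls_request(msg_id):
    """LDAPMessage { messageID, extendedReq [APPLICATION 23] { requestName [0] } }."""
    # msg_id must be 1..127 here so that it fits a one-byte positive INTEGER.
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + ext_req)

def starttls_accepted(response, msg_id):
    """True only for an ExtendedResponse to msg_id whose resultCode is success (0)."""
    try:
        tag, body, _ = read_tlv(response)
        if tag != 0x30:
            return False
        tag, rid, pos = read_tlv(body)
        if tag != 0x02 or int.from_bytes(rid, "big") != msg_id:
            return False
        tag, ext_resp, _ = read_tlv(body, pos)
        if tag != 0x78:  # [APPLICATION 24] ExtendedResponse
            return False
        tag, code, _ = read_tlv(ext_resp)  # resultCode is the first LDAPResult field
        return tag == 0x0A and code == b"\x00"
    except (ValueError, IndexError):
        return False  # malformed or truncated reply: fail closed

# Constructed sample replies (not captured traffic).
OK_RESPONSE = bytes.fromhex("300c02010178070a010004000400")       # success (0)
REFUSED_RESPONSE = bytes.fromhex("300c02010178070a010204000400")  # protocolError (2)
```

Only when `starttls_accepted` returns true should the client start the TLS handshake on the same socket; any other outcome should end the session before a bind or search is sent.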