To provide secure communications over the network, Access Manager includes the LDAPS communications protocol. LDAPS is the standard LDAP protocol, but it runs on top of the Secure Sockets Layer (SSL). In order to enable SSL communication, you must first configure the Directory Server in SSL mode and then connect Access Manager to Directory Server. The basic steps are as follows:
1. Obtain and install a certificate for your Directory Server, and configure the Directory Server to trust the certification authority’s (CA) certificate.
2. Turn on SSL in your directory.
3. Configure the authentication, policy and platform services to connect to an SSL-enabled Directory Server.
4. Configure Access Manager to securely connect to the Directory Server backend.
In order to configure the Directory Server in SSL mode, you must obtain and install a server certificate, configure the Directory Server to trust the CA’s certificate and enable SSL. Detailed instructions on how to complete these tasks are included in Chapter 11, “Managing Authentication and Encryption” in the Directory Server Administration Guide. This document can be found in the following location:
http://docs.sun.com/coll/DirectoryServer_04q2
If your Directory Server is already SSL-enabled, go to the next section for details on connecting Access Manager to Directory Server.
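Before connecting Access Manager, it is worth confirming that the directory's SSL port really presents a certificate that chains to the CA you intend to trust. The following check is an added example, not part of the original guide or the product; the host name ds.example.com, the CA file argument and the function names are assumptions, and 636 is the conventional LDAPS port.

```python
import socket
import ssl
import sys


def ldaps_context(ca_file=None):
    """Client context that only accepts a certificate chaining to ca_file
    (the system trust store is used when ca_file is None)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True            # server name must match the certificate
    ctx.verify_mode = ssl.CERT_REQUIRED  # never fall back to an unverified peer
    return ctx


def probe_ldaps(host, port=636, ca_file=None, timeout=5.0):
    """Return (status, detail); status is one of
    ok, cert-untrusted, handshake-failed, unreachable."""
    ctx = ldaps_context(ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return "ok", "%s, certificate expires %s" % (
                    tls.version(), cert.get("notAfter"))
    except ssl.SSLCertVerificationError as exc:
        # Certificate not issued by the trusted CA, expired, or name mismatch.
        return "cert-untrusted", exc.verify_message
    except ssl.SSLError as exc:
        # The port answered but not with a usable SSL/TLS handshake,
        # for example a plain LDAP port.
        return "handshake-failed", str(exc)
    except OSError as exc:
        # Refused, timed out, or the name did not resolve.
        return "unreachable", str(exc)


if __name__ == "__main__":
    # ds.example.com and the CA path are placeholders (assumptions).
    target = sys.argv[1] if len(sys.argv) > 1 else "ds.example.com"
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    status, detail = probe_ldaps(target, 636, ca)
    print("%s:636 -> %s (%s)" % (target, status, detail))
    sys.exit(0 if status == "ok" else 1)
```

A result of cert-untrusted points back to the certificate and CA trust step, while handshake-failed or unreachable points to SSL not being turned on for that port.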
Once the Directory Server has been configured for SSL mode, you need to securely connect Access Manager to the Directory Server backend.
1. In the Access Manager Console, go to the LDAP Authentication service in the Service Configuration module.
2. Go to the Membership Authentication service in the Service Configuration module.
3. Go to the Policy Configuration service located in Service Configuration.
4. Open the serverconfig.xml in a text editor. The file is in the following location:
   /etc/opt/SUNWam/config
5. Open the AMConfig.properties file from the following default location:
   /etc/opt/SUNWam/config
   Change the following properties:
6. Restart the server.