Access Manager uses the LDAPS communications protocol to provide secure communications over the network with Directory Server. LDAPS is the standard LDAP protocol that runs on top of the Secure Sockets Layer (SSL) to encrypt data. The basic steps are as follows:
To configure Directory Server in SSL mode, you must obtain and install a server certificate, configure Directory Server to trust the CA’s certificate, and then enable SSL. For the detailed steps to complete these tasks, see Using SSL With Directory Server in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide.
After you finish, or if your Directory Server is already SSL-enabled, continue with the next section to configure Access Manager to connect to the SSL-enabled Directory Server.
After Directory Server is configured for SSL mode, you must configure Access Manager to securely connect to Directory Server. You perform some of the following steps in the Access Manager Console, and then you edit the serverconfig.xml and AMConfig.properties files.
Log in to the Access Manager Console as amadmin.
Click the Configuration tab.
Under Authentication Service Name, click LDAP.
On the LDAP pane:
Click Back to Configuration and then under Authentication Service Name, click Membership.
On the Membership pane:
Click Back to Configuration and then under Global Properties, click Policy Configuration.
On the Policy Configuration pane:
In the serverconfig.xml file, change the following values in the <Server> element:
For port, specify the Directory Server SSL port that Access Manager connects to (default is 636).
For type, change SIMPLE to SSL.
In the AMConfig.properties file, set the following properties:
com.iplanet.am.directory.port=636 (if you are using the default port)
com.iplanet.am.directory.ssl.enabled=true
Restart the Access Manager web container.
The serverconfig.xml and AMConfig.properties files are in the following directory, depending on your platform:
Solaris systems: /etc/opt/SUNWam/config
Linux systems: /etc/opt/sun/identity/config
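The following added example (not part of the Access Manager documentation or product) shows the serverconfig.xml <Server> element and the AMConfig.properties lines before and after the change above, and a small consistency check that flags a Server element still set to SIMPLE, a port that disagrees with com.iplanet.am.directory.port, or a missing com.iplanet.am.directory.ssl.enabled=true. The enclosing <ServerGroup> element, the name and host attributes, and the host value ds.example.com are assumptions; only port and type are named in the procedure.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the <Server> element in serverconfig.xml before the
# change (plain LDAP). The enclosing <ServerGroup> and the name/host
# attributes are assumptions; the procedure names only port and type.
SERVERCONFIG_BEFORE = """<ServerGroup name="default">
  <Server name="Server1" host="ds.example.com" port="389" type="SIMPLE" />
</ServerGroup>"""

# The same element after the change described above: LDAPS port, type SSL.
SERVERCONFIG_AFTER = SERVERCONFIG_BEFORE.replace('port="389"', 'port="636"').replace(
    'type="SIMPLE"', 'type="SSL"')

# Constructed AMConfig.properties fragments, before and after the change.
AMCONFIG_BEFORE = "com.iplanet.am.directory.port=389\n"
AMCONFIG_AFTER = ("com.iplanet.am.directory.port=636\n"
                  "com.iplanet.am.directory.ssl.enabled=true\n")


def parse_properties(text):
    """Parse Java-style key=value lines into a dict, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_ldaps_config(serverconfig_xml, amconfig_text):
    """Return findings where the two files disagree with the LDAPS setup; [] means consistent."""
    findings = []
    props = parse_properties(amconfig_text)
    am_port = props.get("com.iplanet.am.directory.port")
    for server in ET.fromstring(serverconfig_xml).iter("Server"):
        name = server.get("name", "<unnamed>")
        if server.get("type") != "SSL":
            findings.append(f"{name}: type is {server.get('type')!r}, expected 'SSL'")
        if server.get("port") != am_port:
            findings.append(f"{name}: port {server.get('port')} != com.iplanet.am.directory.port {am_port}")
    if props.get("com.iplanet.am.directory.ssl.enabled", "").lower() != "true":
        findings.append("com.iplanet.am.directory.ssl.enabled is missing or not 'true'")
    return findings


if __name__ == "__main__":
    for label, xml, props in (("before", SERVERCONFIG_BEFORE, AMCONFIG_BEFORE),
                              ("after", SERVERCONFIG_AFTER, AMCONFIG_AFTER)):
        print(label, check_ldaps_config(xml, props) or "consistent")
```

To run the check against a real installation, read the two files from the config directory listed above and pass their contents to check_ldaps_config before restarting the web container.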