Sun Directory Services 3.1 Administration Guide

Secure Socket Layer (SSL)

The SSL protocol is used to provide secure connections between the directory server and directory clients.

The Sun Directory Services implementation of SSL functions in two modes:

The SSL on Specific Port mode uses a dedicated port, by default port 636.

With the TLS security mode, at any time during an LDAP session you can use the Start TLS extended operation to open a secure connection. When using the Start TLS operation, the client can perform:

Both the TLS and SSL on Specific Port modes require an SSL key to authenticate the server. This key is specified using the IP address of the host machine. In both modes it is also possible to configure the server to authenticate clients.
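The following Python sketch is an added example, not part of the Sun documentation or product. It lets an administrator confirm which of the two modes a server actually offers: it connects either directly with SSL on the dedicated port, or sends the Start TLS extended request on the plain LDAP port and upgrades the session. The function names, the use of port 389 for the plain LDAP listener and the sample response bytes are assumptions made for illustration; `host` must be the name or address the server key was issued for, since the certificate is verified.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # Start TLS request name (RFC 4511)
# Constructed sample: ExtendedResponse, messageID 1, resultCode 0 (success).
SAMPLE_SUCCESS = bytes.fromhex("300c02010178070a010004000400")

def ber(tag, content):
    """Encode one BER TLV with a definite (short or long form) length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content

def read_tlv(buf, pos=0):
    """Decode the TLV at buf[pos]; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        size = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { [0] OID } }."""
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x77, ber(0x80, STARTTLS_OID)))

def parse_extended_response(data):
    """Return (messageID, resultCode) from an ExtendedResponse [APPLICATION 24]."""
    _, msg, _ = read_tlv(data)
    _, msg_id, pos = read_tlv(msg)
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    _, code, _ = read_tlv(op)
    return int.from_bytes(msg_id, "big"), int.from_bytes(code, "big")

def negotiated_tls(host, port=636, starttls=False, timeout=5):
    """Return the TLS version negotiated with host, or None if Start TLS is refused."""
    ctx = ssl.create_default_context()  # verifies the server certificate
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if starttls:  # plain LDAP port: upgrade the session first
            sock.sendall(starttls_request())
            if parse_extended_response(sock.recv(4096))[1] != 0:
                return None
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()
```

Call `negotiated_tls(host)` for the SSL on Specific Port mode and `negotiated_tls(host, port=389, starttls=True)` for the Start TLS mode; a non-zero result code in the response means the server did not accept the upgrade.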

SSL security is available only if the SSL and SKI (Sun Certificate Manager) libraries are available on the server where Sun Directory Services is installed. For details on prerequisites, refer to the installation instructions.


Note - Due to legal restrictions in certain countries, SSL is not available worldwide.