To Configure Directory Servers Involved in Replication so that all Replication Operations Occur Over an SSL Connection

1. Configure both the supplier and consumer servers to use SSL.

   Refer to Chapter 11, “Managing Authentication and Encryption” for details.

   ---

   Note -

   • Replication over SSL will fail if the supplier server certificate is an SSL server-only certificate that cannot act as a client during an SSL handshake.

   • Replication over SSL is currently unsupported with self-signed certificates.

   ---

2. If replication is not configured for the suffix on the consumer server, enable it as described in Chapter 8, “Enabling a Consumer Replica.”
3. Follow the procedure in Chapter 8, “Advanced Consumer Configuration,” to define the DN of the certificate entry on the consumer as another replication manager.
4. If replication is not configured for the suffix on the supplier server, enable it as described in Chapter 8, “Enabling a Hub Replica” or “Enabling a Master Replica.”
5. On the supplier server, create a new replication agreement to send updates to the consumer on the secure SSL port. Follow the procedure in Chapter 8, “Creating Replication Agreements,” for detailed instructions. Specify a secure port on the consumer server and select the SSL option of either using a password or a certificate. Enter a DN for the SSL option that you chose, either a replication manager or a certificate.

   After you finish configuring the replication agreement, the supplier will send all replication update messages to the consumer over SSL and will use certificates if you chose that option. Customer initialization will also use a secure connection if performed through the console using an agreement configure for SSL.