Setting Security PreferencesChapter 11 Managing SSL 38910. If you want Netscape Console to use SSL during communications withDirectory Server, select Use SSL in Netscape Console.11. If you configured Directory Server for certificate based client authentication,you can further configure the server to verify the authenticity of requests byselecting the “Check hostname against name in certificate for outbound SSLconnections” option. The server does this verification by matching thehostname against the value assigned to the Common Name (CN) attribute ofthe subject name in the certificate being presented for authentication.By default, this feature is disabled. If it’s enabled and if the hostname does notmatch the CN attribute of the certificate, appropriate error and audit messagesare logged. For example, in a replicated environment, messages similar to theseare logged in the supplier server’s log files if it finds that the peer server’shostname doesn’t match the name specified in its certificate:[DATE] - SSL alert: ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81(Netscape runtime error -12276 - Unable to communicate securelywith peer: requested domain name does not match the server'scertificate.)[DATE] NSMMReplicationPlugin - agmt="cn=to ultra60 client auth"(ultra60:1924): Replication bind with SSL client authenticationfailed: LDAP error 81 (Can’t contact LDAP server)It is recommended that you enable this option to protect Directory Server’soutbound SSL connections against a Man In The Middle (MITN) attack.12. Click Save.13. Restart the Directory Server.See “Starting the Server with SSL Enabled,” on page 40 for more information.Setting Security PreferencesYou can choose the type of ciphers you want to use for SSL communications. Acipher is the algorithm used in encryption. Some ciphers are more secure or strongerthan others. Generally speaking, the more bits a cipher uses during encryption, themore difficult it is to decrypt the key. For a more complete discussion of algorithmsand their strength, see Managing Servers with Netscape Console.