Starting the Server with SSL Enabled
Chapter 11 Managing SSL and SASL

Enabling SSL Only in the Directory Server:

1. Obtain and install CA and server certificates.

2. Set the secure port you want the server to use for SSL communications.

   The encrypted port number that you specify must not be the same port number you use for normal LDAP communications. By default, the standard port number is 389, and the secure port is 636. If you did not install the server as root, change to a port number above 1024:

   a. Change the secure port number in the Configuration > Settings tab of the Directory Server Console. Save.

   b. Restart the Directory Server. It will still restart on the regular port.

3. In the Directory Server Console, select the Configuration tab, and then select the topmost entry in the navigation tree in the left pane. Select the Encryption tab in the right pane.

4. Select the “Enable SSL for this Server” checkbox.

5. Check the “Use this Cipher Family” checkbox.

6. Select the certificate that you want to use from the drop-down menu.

7. Click Cipher Settings.

   The Cipher Preference dialog box is displayed. By default, all ciphers are selected.

8. Set your preferences for client authentication.

   • Do not allow client authentication — With this option, the server will ignore the client’s certificate. This does not mean that the bind will fail.

   • Allow client authentication — This is the default setting. With this option, authentication is performed on the client’s request. For more information about certificate-based authentication, see “Using Certificate-Based Authentication,” on page 435.

   • Require client authentication — With this option, the server requests authentication from the client.

   If you are only enabling SSL in the Directory Server, do not select the “Require client authentication” checkbox.
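The rules in the procedure above (distinct secure port, a port above 1024 for a non-root install, no required client authentication on an SSL-only setup) can be checked against the server's saved configuration. The following is an added example, not part of the original guide or the product's own tooling. It assumes the settings are stored in LDIF under the attribute names used by 389/Red Hat Directory Server (`nsslapd-port`, `nsslapd-secureport`, `nsslapd-security`, `nsSSLClientAuth`); the sample data and the `runs_as_root` and `ssl_only` parameters are hypothetical.

```python
# Added example: audit the SSL settings described in the procedure above.
# Attribute names follow 389/Red Hat Directory Server dse.ldif (assumption).

SAMPLE_DSE = """\
dn: cn=config
nsslapd-port: 389
nsslapd-secureport: 636
nsslapd-security: on

dn: cn=encryption,cn=config
nsSSLClientAuth: required
"""  # constructed sample, not taken from a real server


def parse_ldif(text):
    """Return {dn: {attr_lowercase: value}} for simple single-valued LDIF."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "dn":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:
            current[key] = value
    return entries


def audit_ssl(text, runs_as_root=True, ssl_only=True):
    """Check the settings against the rules stated in the procedure."""
    entries = parse_ldif(text)
    cfg = entries.get("cn=config", {})
    enc = entries.get("cn=encryption,cn=config", {})
    findings = []
    port = int(cfg.get("nsslapd-port", 389))            # default standard port
    secure = int(cfg.get("nsslapd-secureport", 636))    # default secure port
    if cfg.get("nsslapd-security", "off").lower() != "on":
        findings.append("SSL is not enabled")
    if secure == port:
        findings.append("secure port equals the normal LDAP port")
    if not runs_as_root and secure <= 1024:
        findings.append("non-root server needs a secure port above 1024")
    client_auth = enc.get("nssslclientauth", "allowed").lower()  # default: allowed
    if client_auth not in ("off", "allowed", "required"):
        findings.append("unknown client authentication mode: " + client_auth)
    elif ssl_only and client_auth == "required":
        findings.append("client authentication is required on an SSL-only setup")
    return findings
```

Calling `audit_ssl(SAMPLE_DSE)` on the constructed sample reports the required-client-authentication setting; an empty list means none of the checked rules is violated.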