Enabling Secure Socket Layer (SSL)

Status

If you are...                                              This task is...

Installing a new iProcess Engine Version 11.8.0            Optional
Upgrading from an iProcess Engine Version 11.0 or later    Optional

Database

Oracle, DB2

Description

SSL provides a secure connection between a client and a server based on the SSL configurations at the client and server sides.

One or both of the communicating applications have a public-private key pair. The two keys in a pair are complementary: data encrypted with the public key can be decrypted with the private key, and vice versa.

To use SSL on all supported directory servers, the server's key pair must be pregenerated and configured in the server.

Procedure

To enable Secure Socket Layer (SSL), you must set up the connection to the LDAP server:

1. Select the following option from the LDAPCONF menu:

[1] Set Connection Information

The following prompt is displayed:

Enter name of host on which the LDAP server resides (localhost):

2. Enter the name of the machine where the LDAP server is running, either as a host name specified in your local machine’s hosts file, or as an IP address.

The following prompt is displayed:

Enter port number on host to connect to (389):

3. Enter the TCP port number (a valid numeric value greater than 1) to connect to on the specified host. The default value for LDAP servers is 389.

The following prompt is displayed:

Enter the distinguished name of the entry to bind as (NULL):

4. Enter the distinguished name (DN) of the entry that will be used to authenticate this connection to the LDAP server. (If you accept the default option, LDAPCONF will connect as a default LDAP user.)

The following prompt is displayed:

Do you wish to change the password (Y/N):

5. Enter:
Y, if you want to change the password associated with this entry. You will then be prompted to enter and confirm the new password.
N, if you want to use the existing password.

One of the following prompts is displayed, depending on the current SSL status:

SSL is enabled, do you wish to disable it (Y/N):

or

SSL is disabled, do you wish to enable it (Y/N):

6. Enter:
Y, if you want to change the status of SSL.
N, if you want to keep the current status of SSL.

If you enable SSL, the following prompt is displayed:

PATH to the Certificate Database for SSL(/home/certs/):

7. Enter the path to the Certificate Database.

8. If you have enabled SSL, the following prompt is displayed:

Is the target LDAP provider Microsoft Active Directory [No] (Y/N):

This is necessary because Microsoft Active Directory handles password changes differently from other LDAP providers.

Enter:

Y, if the LDAP server to which you are connecting uses Microsoft Active Directory.
N, if the LDAP server does not use Microsoft Active Directory. This is the default value.

The LDAPCONF main menu is re-displayed.

Once you have enabled SSL, iProcess Engine must be restarted for the change to take effect.
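The following pre-flight checks for the values entered at steps 3 and 7 are an added example, not part of LDAPCONF or the product documentation. The function names check_port and check_cert_db are hypothetical, and the rule that only the owner may write to the certificate database directory is an assumed hardening policy.

```shell
#!/bin/sh
# Added example: validate LDAPCONF inputs before typing them at the prompts.
# check_port and check_cert_db are hypothetical helper names.

# Step 3: the port must be numeric and greater than 1.
# 65535 is the upper limit for any TCP port.
check_port() {
    case "$1" in
        ''|*[!0-9]*) echo "port '$1' is not numeric" >&2; return 1 ;;
    esac
    if [ "${#1}" -gt 5 ] || [ "$1" -le 1 ] || [ "$1" -gt 65535 ]; then
        echo "port $1 is out of range" >&2
        return 1
    fi
}

# Step 7: the certificate database decides which LDAP server certificates
# are trusted. Assumed policy: neither the directory nor anything in it may
# be writable by group or others, so that no other account can alter it.
check_cert_db() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "certificate database path '$dir' is not a directory" >&2
        return 1
    fi
    # "$dir/." makes find descend even when the path itself is a symlink.
    # Symlinks are skipped because their own mode bits are not meaningful.
    loose=$(find "$dir/." ! -type l \( -perm -020 -o -perm -002 \) -print 2>/dev/null)
    if [ -n "$loose" ]; then
        echo "writable by group or others:" >&2
        echo "$loose" >&2
        return 1
    fi
}

# Usage with the defaults shown in the prompts above:
#   check_port 389 && check_cert_db /home/certs/
```

Both functions return 0 when the value is acceptable and print the reason to standard error otherwise.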

See Also

For more information about LDAPCONF, see LDAPCONF Utility User's Guide.