Enabling SSL Encryption with GSKit

Overview of SSL encryption and use of a key database to store your digital security certificates.

To ensure that communication between HCL Compass and the LDAP directory server is private and secure, you might want to enable Secure Sockets Layer (SSL). SSL is a protocol that encrypts data sent between clients and servers, such as Web browsers and Web servers or LDAP clients and LDAP servers. Use SSL to prevent identity thieves from obtaining user IDs and passwords that are sent between HCL Compass and the LDAP directory server.

To ensure secure communications, SSL uses digital certificates. You must store the certificate for the trusted Certificate Authority of your LDAP server's certificates in a key database. The HCL Compass installation procedure installs a utility, Global Security Kit (GSKit iKeyman), that you use to create a key database and create and import certificates.

Attention: A LDAP server that is used to perform SSL authentication must be RFC 5746 compliant. This corrects several security issues related to Transport Layer Security (TLS) renegotiation. An example of a compliant LDAP server is the Tivoli® Directory Server Version 6.3. Use of noncompliant LDAP servers might prevent the creation of SSL connections and thus the ability to log on to HCL Compass.

In your role as administrator, perform the following tasks to enable SSL encryption for your project team: