Editing directory service properties to enable TLS

After you add the root signer certificate for an LDAP server to the SafeLinx Server, configure the directory service to use secure connections.

Before you can complete this task, use the GSKit to add the root signer certificate for the LDAP server to the SafeLinx Server.

After you add the root signer certificate for the LDAP server to the SafeLinx Server, use SafeLinx Administrator to configure the directory service properties and complete the TLS configuration.

The Directory service server definition for the LDAP server must be configured to use secure connections. Enable the setting Use secure connections to enable the SafeLinx Server to establish secure connections to the LDAP server.

You can also specify whether to use only FIPS 140-2 approved ciphers to encrypt data that is exchanged with the LDAP server.

Edit the directory service properties to reference the key database file that contains the signer certificate for the LDAP server, and the stash password file for the key database.

The following procedure describes how to edit the directory service properties so that you can use TLS to secure the connection.

  1. To use one of the default key database files, from the SafeLinx Server installation directory, open the file, and, when prompted, type the password. The default password is trusted.
    You can use any key database file on the server. In Step 10, specify the name of this key database file in the directory service properties.
    For example, to use the key database file that is used for HTTP access services, open http.trusted.kdb.
  2. Browse for the certificate file that you want to add and click OK.
  3. When prompted to assign a label to the certificate, type the fully qualified host name of the LDAP server, and then click OK.
  4. Click Key Database File > Close.
    You are now ready to configure the directory service properties for the LDAP server.
  5. From the Resources tab of the SafeLinx Administrator, open the Directory services server definition, select LDAP server that you want to configure and then click Properties.
  6. From the SSL page, select Use secure connection, then type the name of the key database where you saved the certificate in Step 4, and the name of the stash password file. Click OK.
  7. Restart the SafeLinx Server to put the certificate changes into effect.
    Any time that you modify a key database, you must restart the SafeLinx Server to activate the change.