PingAuthorize

Configuring TLS connection handlers

After you configure the key and trust manager providers, update the connection handlers to use the key and trust manager providers.

Steps

  • For the LDAP connection handler, use the following command to enable StartTLS with a configuration change. By default, the LDAP connection handler accepts non-secure connections.

    Example:

    dsconfig set-connection-handler-prop \
      --handler-name "LDAP Connection Handler" \
      --set allow-start-tls:true \
      --set key-manager-provider:JKS \
      --set trust-manager-provider:JKS \
      --set ssl-cert-nickname:server-cert \
      --set ssl-client-auth-policy:optional
  • If you did not configure secure communication during setup, the LDAPS connection handler is disabled. To configure LDAPS support in this scenario, enable the connection handler and configure most of the same settings. You must set allow-start-tls to false and use-ssl to true. See the following code for an example configuration.

    Example:

    dsconfig set-connection-handler-prop \
      --handler-name "LDAPS Connection Handler" \
      --set enabled:true \
      --set key-manager-provider:JKS \
      --set trust-manager-provider:JKS \
      --set ssl-cert-nickname:server-cert \
      --set ssl-client-auth-policy:optional

    Example:

    The following example uses a similar configuration change to enable the HTTPS connection handler.

    dsconfig set-connection-handler-prop \
      --handler-name "HTTPS Connection Handler" \
      --set enabled:true \
      --set listen-port:443 \
      --set key-manager-provider:JKS \
      --set trust-manager-provider:JKS \
      --set ssl-cert-nickname:server-cert