---
title: Configuring connection handlers
description: After you have configured the key and trust manager providers, you can update the connection handlers to use them.
component: pingdirectory
version: 11.0
page_id: pingdirectory:pingdirectory_security_guide:pd_sec_config_connection_handlers
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_security_guide/pd_sec_config_connection_handlers.html
revdate: September 13, 2023
---

# Configuring connection handlers

After you have configured the key and trust manager providers, you can update the connection handlers to use them.

For the LDAP connection handler, which accepts non-secure connections by default, you can enable StartTLS with a configuration change as in the following example.

```
dsconfig set-connection-handler-prop \
     --handler-name "LDAP Connection Handler" \
     --set allow-start-tls:true \
     --set key-manager-provider:JKS \
     --set trust-manager-provider:JKS \
     --set ssl-cert-nickname:server-cert \
     --set ssl-client-auth-policy:optional
```

If you want to require that clients use StartTLS when connected to the LDAP connection handler, use the reject-insecure-requests global configuration property.

```
dsconfig set-global-configuration-prop \
     --set reject-insecure-requests:true
```

If you did not configure secure communication during setup, then the LDAPS connection handler is disabled. Configuring LDAPS support requires enabling that connection handler and configuring most of the same settings. except `allow-start-tls` must be false and `use-ssl` must be true.

```
dsconfig set-connection-handler-prop \
     --handler-name "LDAPS Connection Handler" \
     --set enabled:true \
     --set key-manager-provider:JKS \
     --set trust-manager-provider:JKS \
     --set ssl-cert-nickname:server-cert \
     --set ssl-client-auth-policy:optional
```

Use a similar configuration change to enable the HTTPS connection handler.

```
dsconfig set-connection-handler-prop \
     --handler-name "HTTPS Connection Handler" \
     --set enabled:true \
     --set listen-port:443 \
     --set key-manager-provider:JKS \
     --set trust-manager-provider:JKS \
     --set ssl-cert-nickname:server-cert
```