For the LDAP connection handler, which accepts non-secure connections by default, you can enable StartTLS with a configuration change as in the following example.

dsconfig set-connection-handler-prop \
     --handler-name "LDAP Connection Handler" \
     --set allow-start-tls:true \
     --set key-manager-provider:JKS \
     --set trust-manager-provider:JKS \
     --set ssl-cert-nickname:server-cert \
     --set ssl-client-auth-policy:optional

If you want to require that clients use StartTLS when connected to the LDAP connection handler, use the reject-insecure-requests global configuration property.

dsconfig set-global-configuration-prop \
     --set reject-insecure-requests:true
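
To confirm both settings from a client's point of view, the following Python check is an added example, not part of the product documentation. It sends an anonymous bind in cleartext and then a StartTLS request to the same listener and returns the LDAP result codes. The host, port and optional CA file (a PEM export of the CA that issued server-cert) are assumptions you supply.

```python
import socket
import ssl
import sys

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511

def _tlv(tag, value):
    """BER-encode one element (short-form length covers these requests)."""
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id=1):
    """LDAPMessage carrying ExtendedRequest [APPLICATION 23] with the StartTLS OID."""
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x77, _tlv(0x80, STARTTLS_OID)))

def anonymous_bind_request(msg_id=1):
    """LDAPMessage carrying BindRequest [APPLICATION 0]: v3, empty DN, empty password."""
    body = _tlv(0x02, b"\x03") + _tlv(0x04, b"") + _tlv(0x80, b"")
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, body))

def _value_offset(buf, i):
    """Offset of the value of the BER element at buf[i] (short or long length)."""
    first = buf[i + 1]
    return i + 2 + (first & 0x7F if first & 0x80 else 0)

def result_code(resp):
    """resultCode of a Bind/Extended response; 0 is success."""
    if len(resp) < 10 or resp[0] != 0x30:
        raise ValueError("no LDAPMessage received (connection closed?)")
    i = _value_offset(resp, 0)                # enter LDAPMessage SEQUENCE
    i = _value_offset(resp, i) + resp[i + 1]  # skip messageID
    i = _value_offset(resp, i)                # enter the response operation
    if resp[i] != 0x0A:                       # ENUMERATED resultCode comes first
        raise ValueError("unexpected response layout")
    return resp[i + 2]

def probe(host, port, cafile=None, timeout=5.0):
    """Return (cleartext_bind_code, starttls_code, tls_version) for an LDAP listener."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(anonymous_bind_request())
        bind_code = result_code(s.recv(4096))  # assumes the reply fits one recv
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(starttls_request())
        tls_code, version = result_code(s.recv(4096)), None
        if tls_code == 0:  # server agreed: upgrade and verify its certificate
            ctx = ssl.create_default_context(cafile=cafile)
            with ctx.wrap_socket(s, server_hostname=host) as tls:
                version = tls.version()
    return bind_code, tls_code, version

if __name__ == "__main__":  # usage: python probe.py HOST PORT [CA_PEM]
    print(probe(sys.argv[1], int(sys.argv[2]), *sys.argv[3:4]))
```

With allow-start-tls and reject-insecure-requests both set to true, expect a non-zero first value (the cleartext bind was refused) and 0 for the second, followed by the negotiated TLS version.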

If you did not configure secure communication during setup, then the LDAPS connection handler is disabled. Configuring LDAPS support requires enabling that connection handler and configuring most of the same settings, except that allow-start-tls must be false and use-ssl must be true.

dsconfig set-connection-handler-prop \
     --handler-name "LDAPS Connection Handler" \
     --set enabled:true \
     --set key-manager-provider:JKS \
     --set trust-manager-provider:JKS \
     --set ssl-cert-nickname:server-cert \
     --set ssl-client-auth-policy:optional

Use a similar configuration change to enable the HTTPS connection handler.

dsconfig set-connection-handler-prop \
     --handler-name "HTTPS Connection Handler" \
     --set enabled:true \
     --set listen-port:443 \
     --set key-manager-provider:JKS \
     --set trust-manager-provider:JKS \
     --set ssl-cert-nickname:server-cert