Securing Communications between ESCWA and MF Directory Server using TLS

Communications between ESCWA and a Directory Server can be secured by configuring TLS settings on the MF Directory Server Security Configuration page. See MF Directory Server Security for more information.

To enable TLS security:

  1. In Enterprise Server Administration, click Security.
  2. Click MF Directory Server tab.
  3. Click Restrict administration access, and then click Use encrypted connections.
  4. In the Secure Port field, type the port number to be used.
  5. Click Use custom server ID certificate
  6. In the Certificate and Keyfile fields, type the path to your certificate and keyfile respectively.
Note: The Secure Port specified is not required by the ESCWA configuration for the Directory Server.

The Certificate Authority (CA) list which ESCWA checks will either be at the location of the MF_ROOT_CERT environment variable or in your DemoCA installation (if installed) under private/CARootcert.pem. Make sure that the .pem file that is pointed to contains the public CA certificate information of the CA that has signed the certificate used by the MF Directory Server.