Securing Communications between ESCWA and MF Directory Server using TLS

Communications between ESCWA and a Directory Server can be secured by configuring TLS settings on the CONNECTION PROPERTIES page. See Connection Properties for more information.

To enable TLS security in ESCWA:

  1. In the menu bar, click NATIVE.
  2. In the navigation pane, expand Directory Servers.
  3. Click the directory server that you want to configure.
  4. Click PROPERTIES > Connection.
  5. Check Enable TLS.
  6. In the TLS Port field, type the port number to be used.
  7. Check Use Custom Certificates.
  8. In the Certificate File and Keyfile fields, type the path to your certificate and keyfile respectively.
  9. Click APPLY.

Note: The TLS Port specified is not required by the ESCWA configuration for the Directory Server.

ESCWA checks the Certificate Authority (CA) list at the location given by the MF_ROOT_CERT environment variable or, if DemoCA is installed, in private/CARootcert.pem under your DemoCA installation. Make sure that this .pem file contains the public CA certificate of the CA that signed the certificate used by the MF Directory Server.

Note: If the Common Name (CN) and Subject Alternative Names (SANs) in your TLS certificate use hostnames rather than IP addresses, you must set the MFDS_DNS_RESOLVE environment variable to Y for the Directory Server; otherwise, TLS connections will fail.
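
The following pre-flight check is an added example, not part of the product or its documentation. It uses Python's standard ssl module to confirm that the Directory Server certificate chains to a CA in the file named by MF_ROOT_CERT, then reports whether the certificate's CN and SANs contain hostnames. The host and port arguments are supplied by you, and treating any hostname-based CN or SAN as requiring MFDS_DNS_RESOLVE=Y is an assumption about how to read the note above.

```python
import ipaddress
import os
import socket
import ssl
import sys


def is_ip(name):
    """True if name is an IPv4/IPv6 literal rather than a hostname."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def cert_names(cert):
    """Collect CN, DNS and IP SAN values from a dict shaped like getpeercert()."""
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names += [v for kind, v in cert.get("subjectAltName", ()) if kind in ("DNS", "IP Address")]
    return names


def needs_dns_resolve(cert):
    """Assumption: any hostname-based CN/SAN means MFDS_DNS_RESOLVE=Y is needed."""
    return any(not is_ip(n) for n in cert_names(cert))


def fetch_verified_cert(host, port, ca_file):
    """Handshake with the Directory Server, trusting only the CAs in ca_file.

    Raises ssl.SSLCertVerificationError if the server certificate does not
    chain to a CA in ca_file.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=ca_file)
    # Diagnostic only: hostname matching is off so that this step isolates
    # chain-of-trust failures from name mismatches. The chain is still verified.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Usage: python check_mfds_tls.py <host> <tls-port>  (script name is hypothetical)
    cert = fetch_verified_cert(sys.argv[1], int(sys.argv[2]), os.environ["MF_ROOT_CERT"])
    print("chain OK; names in certificate:", cert_names(cert))
    print("MFDS_DNS_RESOLVE=Y required:", needs_dns_resolve(cert))
```

A verification error from the handshake means the .pem file does not contain the CA that signed the Directory Server certificate.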