Securing Communications Process to MF Directory Server using TLS

ESCWA can communicate with a remotely hosted MF Directory Server and its enterprise server instances. Each instance uses a Communications Process to connect to the MF Directory Server. If you have configured your MF Directory Server to use TLS, then you need to configure the Communications Process to communicate as a TLS-enabled client. See Communications Process for more information.

Communications between Communications Process and a Directory Server can be secured by configuring TLS settings on the Directory Server's CONNECTION PROPERTIES page. See Connection Properties for more information. Check Enable TLS, and then check Use Custom Certificates. Specify your certificate and keyfile information.

Note: The Certificate Authority (CA) list that the Communications Process checks is on the host where the process runs, which may be a different host from ESCWA. The CA list is located either at the location specified by the MF_ROOT_CERT environment variable or in your DemoCA installation (if installed) at private/CARootcert.pem. Ensure that the .pem file that is pointed to contains the public CA certificate information of the CA that has signed the certificate used by the MF Directory Server.
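One way to check the condition in the note, as an added example that is not part of the product or its documentation: run it on the host where the Communications Process runs, with the signing CA's certificate in hand, to see whether each candidate CA list contains that certificate. The `democa_dir` parameter is an assumption (the DemoCA install path is not given here), and the sample data uses constructed placeholder bytes rather than real certificates.

```python
import base64, hashlib, os, re, tempfile

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprints(pem_text):
    """SHA-256 over the DER bytes of every certificate block in a PEM text."""
    return {hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_CERT.findall(pem_text)}

def candidate_ca_lists(env, democa_dir=None):
    """The two CA list locations the note names.
    democa_dir is an assumption: the page does not give the DemoCA install path."""
    paths = [env["MF_ROOT_CERT"]] if env.get("MF_ROOT_CERT") else []
    if democa_dir:
        paths.append(os.path.join(democa_dir, "private", "CARootcert.pem"))
    return paths

def check_ca_lists(signing_ca_pem, env, democa_dir=None):
    """Return {path: 'present' | 'absent' | 'missing'} for each candidate CA list."""
    wanted = cert_fingerprints(signing_ca_pem)
    if len(wanted) != 1:
        raise ValueError("supply exactly one signing CA certificate")
    status = {}
    for path in candidate_ca_lists(env, democa_dir):
        try:
            with open(path, encoding="ascii", errors="replace") as fh:
                found = cert_fingerprints(fh.read())
        except OSError:
            status[path] = "missing"   # file not readable on this host
            continue
        status[path] = "present" if wanted <= found else "absent"
    return status

def fake_pem(data):
    """Constructed placeholder: arbitrary bytes in a PEM wrapper, not a real certificate."""
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(data).decode()
            + "-----END CERTIFICATE-----\n")

def demo():
    """Constructed scenario: MF_ROOT_CERT bundle holds the signing CA, DemoCA file does not."""
    root = tempfile.mkdtemp()
    bundle = os.path.join(root, "cas.pem")
    os.makedirs(os.path.join(root, "DemoCA", "private"))
    with open(bundle, "w") as fh:
        fh.write(fake_pem(b"other CA") + fake_pem(b"signing CA"))
    with open(os.path.join(root, "DemoCA", "private", "CARootcert.pem"), "w") as fh:
        fh.write(fake_pem(b"other CA"))
    status = check_ca_lists(fake_pem(b"signing CA"), {"MF_ROOT_CERT": bundle},
                            os.path.join(root, "DemoCA"))
    return sorted(status.values())

if __name__ == "__main__":
    print(demo())
```

A result of `present` only shows that the CA certificate you supplied is in the list; it does not confirm that the Directory Server's certificate was actually signed by that CA.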

The Directory Server currently does not support authentication to a Communications Process using a client certificate. The Directory Server is not able to connect to a Communications Process TLS-enabled listener that is configured to require client certificate authentication.