Communications between
ESCWA and a Directory Server can be secured by configuring TLS settings on the
CONNECTION PROPERTIES page. See
Connection Properties for more information.
To enable TLS security in
ESCWA:
- In the menu bar, click
NATIVE.
- In the navigation pane, expand
Directory Servers.
- Click the directory server that you want to configure.
- Click
.
- Check
Enable TLS.
- In the
TLS Port field, type the port number to be used.
- Check
Use Custom Certificates.
- In the
Certificate File and
Keyfile fields, type the path to your certificate and keyfile respectively.
- Click
APPLY.
Note: The
TLS Port specified is not required by the
ESCWA configuration for the Directory Server.
The Certificate Authority (CA) list which
ESCWA checks will either be at the location of the MF_ROOT_CERT environment variable or in your DemoCA installation (if installed)
under
private/CARootcert.pem. Make sure that the
.pem file that is pointed to contains the public CA certificate information of the CA that has signed the certificate used by
the MF Directory Server.
Note: If your TLS certificate's CN and Subject Alternative Names (SANs) are using hostnames rather than IP addresses, then you must
ensure the MFDS_DNS_RESOLVE environment variable is set to Y for the Directory Server, otherwise TLS connections will fail.