Setting up replication over a secure connection
Use this information to set up replication over a secure connection.
Replication over SSL should be set up in stages so that you can verify everything as you go through the process.
Before attempting to configure replication over a secure connection, you should complete the following tasks (in any order):
- Configure replication over a non-secure connection.
- Configure the consumer server to accept secure connections over the secure port. Verify that a client can use a secure connection to the consumer server, for example, by using the ldapsearch utility. If you want a supplier server to use a certificate for authentication, such as SASL external bind over SSL, you should first set up server authentication and then client and server authentication, where the "server" is the consumer server and the client is the supplier server.
  When the server is configured to use client and server authentication, all clients using SSL are required to have a client certificate.
- Configure the supplier server to trust the certificate authority that issued the consumer's certificate.
After you complete these tasks, make an existing agreement secure:
- In the Web administration tool, click Manage topology under the Replication management category.
- Choose one of the existing agreements that you want to make secure.
- Choose Edit agreement... and select the option to use SSL, making sure to specify the correct port number. 636 is the standard secure port number.
- Verify that replication over the agreement is working properly.
If you are only trying to set up replication to authenticate using a DN and a password over a secure connection, the preceding steps have done this for you. Authentication using a client certificate requires a different credentials object to be used by the supplier server in its agreement, as well as configuring the consumer server to accept that certificate as a supplier server.
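Two of the prerequisites above (the consumer accepts connections on the secure port, and the supplier trusts the certificate authority that issued the consumer's certificate) can be checked from the supplier host before the agreement is edited. The following script is an added example, not part of the product or its documentation; it assumes the CA certificate has been exported to a PEM file, and the host name and file path are placeholders.

```python
import socket
import ssl
import sys


def check_consumer_tls(host, port=636, ca_file=None, timeout=5.0):
    """Attempt a verified TLS handshake with the consumer; return (status, detail).

    status is one of:
      unreachable      - nothing is listening on the secure port
      untrusted        - chain or host name did not verify against ca_file
      handshake_failed - port is open but TLS could not be negotiated
      ok               - certificate verified; detail shows issuer and expiry
    """
    # With ca_file set, only that CA is trusted (system defaults otherwise).
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("unreachable", str(exc))
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            issuer = dict(rdn[0] for rdn in cert["issuer"])
            return ("ok", "issuer=%s expires=%s"
                    % (issuer.get("commonName"), cert["notAfter"]))
    except ssl.SSLCertVerificationError as exc:
        return ("untrusted", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("handshake_failed", str(exc))


if __name__ == "__main__":
    # Placeholder arguments: consumer.example.com /path/to/issuing-ca.pem
    host, ca_file = sys.argv[1], sys.argv[2]
    status, detail = check_consumer_tls(host, 636, ca_file)
    print(status, detail)
    sys.exit(0 if status == "ok" else 1)
```

A result of `untrusted` points at the CA trust prerequisite, while `unreachable` or `handshake_failed` points at the consumer's secure port configuration.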