Wednesday, 18 March 2015

SSL Configuration on IBM TDS LDAP server



Is it possible to configure SSL for an IBM TDS instance?
Yes, and the steps are below.

Steps to enable SSL communication using self-signed certificates.

  1. Login to LDAP server
  2. Take a backup of the ibmslapd.conf file.
  3. Run the command below to create a key database (CMS) that holds the server certificates as well as the server's private and public keys:
     gsk8capicmd_64.exe -keydb -create -db E:\serverkey -pw password -type cms -stash
  4. On successful completion of the above command, four files will be created: serverkey.kdb, serverkey.rdb, serverkey.crl, serverkey.sth
  5. Create a self-signed certificate using the command below:
     gsk8capicmd_64.exe -cert -create -db E:\serverkey.kdb -pw password -label label_name -dn "cn=ldapcert,dc=com" -default_cert yes -expire 999
  6. Create an LDIF file that configures the TDS server to use this certificate:
   dn: cn=SSL,cn=Configuration
   changetype: modify
   replace: ibm-slapdSslAuth
   ibm-slapdSslAuth: serverAuth
   -
   replace: ibm-slapdSecurity
   ibm-slapdSecurity: SSL

   dn: cn=SSL,cn=Configuration
   changetype: modify
   replace: ibm-slapdSSLKeyDatabase
   ibm-slapdSSLKeyDatabase: E:\serverkey.kdb
   -
   replace: ibm-slapdSslCertificate
   ibm-slapdSslCertificate: label_name
   -
   replace: ibm-slapdSSLKeyDatabasePW
   ibm-slapdSSLKeyDatabasePW: password
  7. Run the ldapmodify command to update the TDS server with the SSL configuration:
     ldapmodify -D cn=root -w bind_pwd -p port -i "ldif_file"
  8. Restart the LDAP instance and the admin server.
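
A pre-flight check for the LDIF file from step 6, as an added example that is not part of the original post: it parses the modify records and reports missing attributes, unexpected values, "replace:" lines with no value, and a clear-text key database password before ldapmodify is run. The function name lint_ssl_ldif and the accepted values in ALLOWED are assumptions; confirm the values against the documentation for your TDS release.

```python
import re

# Assumption: expected header and accepted values; confirm for your TDS release.
HEADER = {"dn": "cn=ssl,cn=configuration", "changetype": "modify"}
ALLOWED = {"ibm-slapdsslauth": {"serverauth", "serverclientauth"},
           "ibm-slapdsecurity": {"none", "ssl", "sslonly", "tls", "ssltls"}}
REQUIRED = ("ibm-slapdsslauth", "ibm-slapdsecurity",
            "ibm-slapdsslkeydatabase", "ibm-slapdsslcertificate")

def lint_ssl_ldif(text):
    """Return (settings, findings) for the LDIF modify records in text."""
    settings, findings = {}, []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        pending = None  # attribute named by "replace:", still awaiting its value
        for line in (raw.strip() for raw in block.splitlines()):
            key, sep, value = line.partition(":")
            key, value = key.strip().lower(), value.strip()
            if line in ("", "-"):
                continue
            if not sep:
                findings.append(f"malformed line: {line}")
            elif key in HEADER:
                if value.lower() != HEADER[key]:
                    findings.append(f"unexpected {key}: {value}")
            elif key == "replace":
                if pending:
                    findings.append(f"replace: {pending} has no value line")
                pending = value.lower()
            elif key == pending:
                settings[key], pending = value, None
            else:
                findings.append(f"{key} has no matching replace: line")
        if pending:
            findings.append(f"replace: {pending} has no value line")
    findings += [f"missing {a}" for a in REQUIRED if a not in settings]
    findings += [f"{a}: unexpected value {settings[a]}" for a, ok in ALLOWED.items()
                 if a in settings and settings[a].lower() not in ok]
    if "ibm-slapdsslkeydatabasepw" in settings:
        findings.append("key database password is stored in clear text in this file")
    return settings, findings

# Constructed sample: the first record from step 6 with a mistyped value.
SAMPLE = """dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSslAuth
ibm-slapdSslAuth: serverAuth
-
replace: ibm-slapdSecurity
ibm-slapdSecurity: SSLL"""
print(lint_ssl_ldif(SAMPLE)[1])
```

Run against the two records exactly as written in step 6, the only finding is the clear-text password, so restrict access to the LDIF file or delete it once ldapmodify has succeeded.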
