Book

SSL in DS/OpenDJ

This book provides information on SSL in DS/OpenDJ, including connections and certificates.


Printer friendly view

Table of Contents

  • 1 Configuration
    • 1.1 How do I configure LDAPS clients in DS/OpenDJ (All versions)?
    • 1.2 How do I disable TLS 1.3 when running DS 6.5 with Java 11?
    • 1.3 How do I troubleshoot connection via LDAPS issues in DS/OpenDJ (All versions)?
    • 1.4 How do I use externally created SSL keys with DS/OpenDJ (All versions)?
    • 1.5 How do I prevent the use of weak SSL cipher suites in DS/OpenDJ?
    • 1.6 How do I prevent the use of weak SSL cipher suites on DS/OpenDJ (All versions) administration port?
    • 1.7 How do I prevent the use of weak SSL cipher suites on DS/OpenDJ (All versions) replication port?
    • 1.8 How do I protect DS/OpenDJ (All versions) from the FREAK SSL/TLS Vulnerability?
    • 1.9 How do I configure DS/OpenDJ (All versions) to avoid the POODLE SSL vulnerability?
  • 2 Frequently Asked Questions
    • 2.1 FAQ: SSL certificate management in DS/OpenDJ
  • 3 Known Issues
    • 3.1 LDAP connection fails with No subject alternative DNS name matching error in AM 5.1.x, 6.x and DS 5.5.1, 5.5.2, 6.x
    • 3.2 AM 5.x and 6.0.0.x, IDM 6.x and Rest2LDAP cannot connect to DS 5.x or 6 after restricting DS cipher suites or Java upgrade
    • 3.3 SSLHandshakeException or ClassCastException when using an HSM and Java 11 with ForgeRock products
    • 3.4 SSL handshake failed with no cipher suites in common in DS 5 after restricting cipher suites or upgrading Java
    • 3.5 LDAPS client connections fail with SSLHandshakeException: no cipher suites in common in DS 5 and OpenDJ 3.x
    • 3.6 Invalid Padding length error when attempting to connect to DS 5 or OpenDJ 3.x via LDAPS
    • 3.7 DS (All versions) fails to start when using a JKS keystore from an earlier version
    • 3.8 Enabling or initializing replication interactively fails in DS (All versions) and OpenDJ 3.x with There is an error with the certificate presented by the server
Loading...