Softerra LDAP Administrator Help
Enabling Transport Layer Security (TLS) lets you encrypt communications between LDAP Administrator and an LDAP server over a nonsecure connection. When TLS is no longer required, it can be turned off. Unlike an SSL connection, which stays encrypted for its entire lifetime, enabling and disabling TLS encryption lets you perform encrypted operations during a conventional nonsecure LDAP session without the overhead of encrypting the entire session, so that sensitive data is encrypted only while TLS is turned on; anything sent while TLS is off travels unencrypted.
To be able to use the Start/Stop TLS feature, you must have Windows XP or higher installed on your PC.
To start or stop TLS encryption over an established nonsecure connection:
Connect to an LDAP server.
Click Start/Stop TLS on the Server toolbar to enable or, if currently enabled, to disable TLS encryption.
An LDAP server can reject the "Start TLS" operation if:
It does not support the extended operation 1.3.6.1.4.1.1466.20037;
An SSL/TLS session is already in progress;
A bind operation is in progress;
There is an outstanding LDAP request on the connection.
In other cases, refer to your LDAP server documentation to investigate possible reasons.
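What the Start TLS request looks like on the wire and how a client can interpret the server's answer, as an added example that is not part of the Softerra help or product code. It encodes the extended request with the Start TLS OID (1.3.6.1.4.1.1466.20037, as defined in RFC 4511) and maps RFC 4511 result codes to the rejection reasons listed above; the function names and the sample response bytes are constructed for illustration.

```python
# Added example (RFC 4511 encoding, stdlib only); names and sample bytes are constructed.
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"

RESULT_MEANING = {  # mapping to the reasons above follows RFC 4511 / RFC 4513
    0: "success: start the TLS handshake on this connection",
    1: "operationsError: TLS already active, bind in progress, or requests outstanding",
    2: "protocolError: server does not support the Start TLS extended operation",
    52: "unavailable: server TLS subsystem is not ready",
}

def tlv(tag, value):
    """Encode one BER TLV; short-form length is enough for these small PDUs."""
    if len(value) >= 0x80:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode one TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("unsupported or truncated length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + n], pos + n

def build_starttls_request(message_id):
    """LDAPMessage{messageID, ExtendedRequest [APPLICATION 23]{requestName [0]}}."""
    mid = message_id.to_bytes((message_id.bit_length() + 8) // 8, "big")
    return tlv(0x30, tlv(0x02, mid) + tlv(0x77, tlv(0x80, STARTTLS_OID.encode())))

def parse_starttls_response(data, expected_id):
    """Return (result_code, meaning, tls_may_start) from an ExtendedResponse."""
    tag, msg, _ = read_tlv(data, 0)        # LDAPMessage SEQUENCE
    tag2, mid, pos = read_tlv(msg, 0)      # messageID INTEGER
    tag3, op, _ = read_tlv(msg, pos)       # [APPLICATION 24] ExtendedResponse
    tag4, code, _ = read_tlv(op, 0)        # resultCode ENUMERATED
    if (tag, tag2, tag3, tag4) != (0x30, 0x02, 0x78, 0x0A):
        raise ValueError("not an LDAP ExtendedResponse")
    if int.from_bytes(mid, "big") != expected_id:
        raise ValueError("unexpected messageID")
    rc = int.from_bytes(code, "big")
    return rc, RESULT_MEANING.get(rc, "other: see the server documentation"), rc == 0

SAMPLE_REFUSED = bytes.fromhex("300c02010178070a010204000400")  # constructed: id 1, rc 2
```

A client should treat any result other than 0 as "the session has no TLS layer" and avoid sending credentials on it.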
While TLS encryption is being started over a nonsecure connection, a client certificate and/or a server certificate may be required for successful negotiation. Learn more about certificate exchange when starting TLS encryption.