SECURING
The TLS protocol always provides an encrypted, integrity-checked communications channel and an authenticated server identity. TLS servers can optionally be configured to request various forms of client identity authentication.
You must enable TLS on a protocol-by-protocol basis. Some Internet protocols do not support client certificate authentication.
To set up a port for TLS authentication, do the following:
1. Configure the port.
2. Determine whether you require users to access the server using only TLS, or both TLS and TCP/IP.
If you are using Internet Site documents, you configure most TLS port parameters in the Internet Site document for each protocol. However, you must still configure the following settings in the Server document for each Internet protocol: TCP/IP port and status, TLS port and status. You must also specify whether you want to enforce server access settings for the TCP/IP port of a given protocol.
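After the Server document settings are saved, the port states can be checked from a client machine. The following is an added example, not part of the original documentation or of the product: the function names, host and port numbers are assumptions chosen for illustration. It probes each protocol's TCP/IP and TLS port and reports any that do not match a TLS-only requirement.

```python
import socket
import ssl

def probe_port(host, port, timeout=3.0):
    """Classify host:port as 'closed', 'tls', 'tls-untrusted-cert' or 'open-no-tls'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unresolvable
    ctx = ssl.create_default_context()  # normal certificate and host name checks
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except ssl.SSLCertVerificationError:
        return "tls-untrusted-cert"  # TLS is spoken, but the certificate failed validation
    except (ssl.SSLError, OSError):
        return "open-no-tls"  # something answers, but not with a TLS handshake
    finally:
        raw.close()

def audit(host, ports, tls_only, timeout=3.0):
    """ports maps protocol name -> (tcp_port, tls_port); returns a list of findings."""
    findings = []
    for proto, (tcp_port, tls_port) in ports.items():
        tcp_state = probe_port(host, tcp_port, timeout)
        tls_state = probe_port(host, tls_port, timeout)
        if tls_only and tcp_state != "closed":
            findings.append(f"{proto}: TCP/IP port {tcp_port} is {tcp_state}, expected closed")
        if tls_state != "tls":
            findings.append(f"{proto}: TLS port {tls_port} is {tls_state}, expected tls")
    return findings

if __name__ == "__main__":
    # Constructed sample: host and port numbers are assumptions, not from the page.
    sample = {"HTTP": (80, 443), "LDAP": (389, 636)}
    for line in audit("127.0.0.1", sample, tls_only=True, timeout=1.0) or ["no findings"]:
        print(line)
```

Pass tls_only=False when both TLS and TCP/IP access are intended, so that only the TLS port is checked against the expected state.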
Using server authentication only
Server authentication encrypts data and authenticates server identity. To control access to databases on the server by user name, set up name-and-password authentication. To enable TLS for server authentication only:
In addition to the security provided by server authentication, client certificate authentication verifies the client's identity through the use of Internet (X.509) client certificates. Using server and client certificate authentication, you can control access to databases by specifying individual client user names in the database ACLs. To enable TLS for client certificate authentication:
Configuring a port for TLS
You can configure a port to use only server authentication or to use both server and client authentication.

Related concepts
Name-and-password authentication for Internet/intranet clients
TLS and S/MIME for clients
TLS security

Related tasks
Configuring a port for TLS
Requiring a TLS connection to a server
Setting up Domino security for Internet site documents