...
StartTLS in an extension to the LDAP protocol which uses the TLS protocol to encrypt communication. It works by establishing a normal - i.e. insecure unsecured - connection with the LDAP server before a handshake negotiation between the server and the web services is carried out. Here, the server sends its certificate to prove its identity before the secure connection is established. If negotiation for a secure connection is unsuccessful then a standard LDAP connection may be opened. Whether or not this occurs depends on the LDAP server and its configuration.
...
- The current article describes the configuration of StartTLS for use with the JOC Cockpit web services and provides Web Service Truststore, as well as providing a code example for calling LDAPS from the shiro.ini file. Users wishing to configure their server to use LDAPS should refer their LDAP server administrator.
...