Saturday, August 15, 2009

Disable SSL port on Sun Directory Server - Take Note!

We received an email from the Security Team of a local university. We maintain the Sun Java System Portal Server for them.

They detected port 636 running and asked what it is used for. Hmm... it was enabled, by default, when Sun Java System Directory Server was installed. (FYI, Portal Server requires Directory Server as the data source)

Ok, it's our fault. We should have disabled it. Any port that is not in use should be disabled. Otherwise, the Security Team will not be happy.

That's easy.

  • Navigate to the Security Tab.
  • Uncheck SSL Encryption.
  • Click Save.



On the Directory Servers Tab, it showed that the Secure Port 636 on both instances are disabled. I was happy.




Hmmm... I was not.



netstat was still showing port 636 to be running.


To ensure port 636 is disabled, do remember to RESTART the directory instances.

No comments:

Post a Comment