Softerra LDAP Administrator Help
Browsing LDAP directories or performing directory operations on an LDAP server is potentially hazardous in terms of information security because sensitive personal data, including passwords, credit card numbers and phone numbers, travels over the wire in plain text. To provide sufficient data protection and privacy, communications between LDAP Administrator and the LDAP server can be encrypted by enabling Secure Sockets Layer (SSL) or Transport Layer Security (TLS). Encryption "scrambles" the information before it is sent, and decryption "unscrambles" it after it is received. The foundation for this encryption is the SSL 3.0 protocol, which provides a secure way of establishing an encrypted communication link between LDAP Administrator and the LDAP server. SSL confirms the authenticity of the LDAP server and, optionally, the identity of the client accessing restricted LDAP servers.
Certificates contain the keys used to establish a secure connection. A key is a unique value used to authenticate the LDAP server and the client when establishing a secure connection. The LDAP server uses the certificate keys to negotiate a secure connection with LDAP Administrator and to determine the level of encryption required to secure communications.
For this type of connection, both the LDAP server and LDAP Administrator must support compatible encryption and decryption techniques. During the exchange an encryption key, also called a session key, is created. Both the LDAP server and LDAP Administrator use the session key to encrypt and decrypt the transmitted information. The degree of encryption, or strength, of a session key is measured in bits: the more bits the session key comprises, the stronger the encryption and the greater the security. Although greater key strengths offer greater security, they also require more server resources. LDAP Administrator supports all session key lengths that are supported by the installed operating system. Typically session keys are 48 bits or 56 bits long, but they can be 128 bits long if the operating system supports it.
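The server authentication and session-key strength described above can be checked from the client side. The following is an added example (not part of the Softerra help or the product) using only the Python standard library: it opens an LDAPS connection to an assumed host, requires a valid server certificate, optionally presents a client certificate, and compares the negotiated session key length in bits against an assumed 128-bit minimum; the host name, port and minimum are this example's own assumptions.

```python
import socket
import ssl

# Assumed policy values for this example, not the product's own defaults.
MIN_SESSION_KEY_BITS = 128
LDAPS_PORT = 636  # well-known LDAP-over-SSL port


def make_ldaps_context(ca_file=None, client_cert=None, client_key=None):
    """Build a client-side TLS context for an LDAPS connection.

    The server certificate is always verified (server authentication);
    a client certificate is loaded only when supplied, mirroring the
    optional client identity described in the text."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True            # certificate must match the server name
    ctx.verify_mode = ssl.CERT_REQUIRED  # an untrusted server certificate aborts the handshake
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def assess_session(cipher_info, min_bits=MIN_SESSION_KEY_BITS):
    """Judge a negotiated session from ssl's cipher() tuple: (name, protocol, secret bits)."""
    name, protocol, bits = cipher_info
    if bits is None:
        return (False, f"{name}: session key length unknown")
    if bits < min_bits:
        return (False, f"{name} ({protocol}): {bits}-bit session key below {min_bits}-bit minimum")
    return (True, f"{name} ({protocol}): {bits}-bit session key")


def probe_ldaps(host, port=LDAPS_PORT, ca_file=None, timeout=5.0):
    """Handshake with an LDAPS server and report whether the session meets policy."""
    ctx = make_ldaps_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return assess_session(tls.cipher())


if __name__ == "__main__":
    import sys
    # Placeholder host; pass a real LDAPS server name on the command line.
    host = sys.argv[1] if len(sys.argv) > 1 else "ldap.example.com"
    ok, detail = probe_ldaps(host)
    print(("OK " if ok else "WEAK ") + detail)
```

A handshake failure (for example a certificate not issued by a trusted CA) raises ssl.SSLError before any LDAP data is exchanged, which is the desired outcome for a client that must authenticate its server.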