If you use an LDAP directory as your registry, WebSphere® Application Server verifies the password of a user by using the standard ldap_bind, which requires sending the password to the LDAP directory server. A password can flow in clear text when you use a non-SSL channel between WebSphere and the LDAP directory server. To use SSL, create a certificate for the LDAP directory and import it into the truststore of your server. Also enable SSL on your LDAP directory server. For more details, see LDAP directory server and application server documentation.