LDAP or AD LoginSites that use LDAP or AD (LAN) credentials Tufts username and Tufts Password to authenticate users must require SSL. Browsers that do not request SSL should be redirected to the SSL port. New systems should have a CA-signed certificate from the start; any old systems that have self-signed or manufacturer-provided certificates should be phased into valid, CA-signed certificates at the next opportunity. Some websites only encrypt the authentication portion of the connection to save processing power; avoid this temptation, and encrypt the entire session if at all possible. | 