PingDirectory

Installing the PingDirectory server with a truststore

You can set up the PingDirectory server in non-interactive mode using an existing truststore for secure communication. This section assumes that you have an existing keystore and truststore with trusted certificates.

Steps

  • Unzip the distribution .zip file and, from the server root directory, run the setup command with the --no-prompt option for non-interactive mode. The following example enables security using both SSL and StartTLS. It also specifies a JKS keystore and truststore that define the server certificate and trusted CA. The userRoot database contents will remain empty and the base DN entry will not be created.

    Example:

    $ ./setup --no-prompt --rootUserPassword "password" \
      --baseDN "dc=example,dc=com" --ldapPort 389 --enableStartTLS \
      --ldapsPort 636 --useJavaKeystore config/keystore.jks \
      --keyStorePasswordFile config/keystore.pin \
      --certNickName server-cert --useJavaTrustStore config/truststore.jks \
      --acceptLicense --instancename Instance1 --location Location1

    The password for the private key in the keystore is expected to be the same as the password for the keystore. If this is not the case, the private key password can be defined with the administrative console or the dsconfig command by editing the Trust Manager Provider standard configuration object.
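
A pre-flight check to run from the server root before the setup command above, as an added example that is not part of the PingDirectory documentation: it confirms that the pin file opens the keystore, that the `server-cert` alias holds a private key, and that the keystore and pin file grant nothing to group or other. The function names `preflight` and `owner_only`, the `KEYTOOL` variable, and the owner-only permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the keystore inputs passed to ./setup.
# Paths and alias default to the values used in the setup example above.
KEYTOOL=${KEYTOOL:-keytool}   # assumption: the JDK's keytool is on PATH

# Succeeds only if the file exists and grants nothing to group or other.
owner_only() {
  [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ] ||
    { echo "group/other can access: $1" >&2; return 1; }
}

# Usage: preflight [KEYSTORE] [PINFILE] [CERT_NICKNAME] [TRUSTSTORE]
preflight() {
  ks=${1:-config/keystore.jks}; pin=${2:-config/keystore.pin}
  nick=${3:-server-cert};       ts=${4:-config/truststore.jks}

  owner_only "$ks" || return 1
  owner_only "$pin" || return 1
  [ -f "$ts" ] || { echo "missing: $ts" >&2; return 1; }

  # Opening the keystore with the pin file proves the pin is correct; the
  # entry must be a PrivateKeyEntry, or the server has no key to present.
  entry=$("$KEYTOOL" -list -keystore "$ks" -storetype JKS \
            -storepass:file "$pin" -alias "$nick" 2>/dev/null) ||
    { echo "cannot read alias '$nick' from $ks using $pin" >&2; return 1; }
  case $entry in
    *PrivateKeyEntry*) ;;
    *) echo "alias '$nick' is not a private key entry" >&2; return 1 ;;
  esac
  echo "ok: $nick in $ks"
}
```

Call `preflight` with no arguments to check the default paths, and run `./setup` only if it returns success.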