Installing the PingDirectory server with a truststore
You can set up the PingDirectory server in non-interactive mode using an existing truststore for secure communication. This section assumes that you have an existing keystore and truststore with trusted certificates.
About this task
Steps
- Unzip the distribution .zip file and, from the server root directory, run the setup command with the --no-prompt option for non-interactive mode. The following example enables security using both SSL and StartTLS. It also specifies a JKS keystore and truststore that define the server certificate and trusted CA. The userRoot database contents will remain empty and the base DN entry will not be created.
  Example:
  $ ./setup --no-prompt --rootUserPassword "password" \
      --baseDN "dc=example,dc=com" --ldapPort 389 --enableStartTLS \
      --ldapsPort 636 --useJavaKeystore config/keystore.jks \
      --keyStorePasswordFile config/keystore.pin \
      --certNickName server-cert --useJavaTrustStore config/truststore.jks \
      --acceptLicense --instancename Instance1 --location Location1
The password to the private key in the keystore is expected to be the same as the password to the keystore. If this is not the case, the private key password can be defined with the administrative console or the dsconfig command by editing the Trust Manager Provider standard configuration object.
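A pre-flight check that can be run from the server root before the setup command above, as an added example that is not part of the PingDirectory documentation. It assumes the file names and certificate nickname from the example command, and the function names are hypothetical. It verifies that the pin file is not readable by group or other and, using the JDK keytool, that the nickname is a private key entry in the keystore.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files passed to ./setup.
# Paths and alias mirror the example command; function names are hypothetical.

# Succeeds only if the pin file is readable, non-empty, and has no
# group/other permission bits set (it holds the keystore password).
check_pin_file() {
    pin=$1
    [ -f "$pin" ] && [ -r "$pin" ] || { echo "missing or unreadable: $pin" >&2; return 1; }
    [ -s "$pin" ] || { echo "empty pin file: $pin" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$pin" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "pin file open to group/other: $pin" >&2; return 1; }
}

# Succeeds only if the alias exists in the keystore as a private key entry.
# Uses keytool's -storepass:file form so the password never appears in argv.
check_server_cert() {
    keystore=$1; pin=$2; alias=$3
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 2; }
    keytool -list -keystore "$keystore" -storepass:file "$pin" -alias "$alias" 2>/dev/null \
        | grep -q "PrivateKeyEntry" \
        || { echo "no private key entry '$alias' in $keystore" >&2; return 1; }
}

# Runs every check against the paths used in the example setup command.
preflight() {
    check_pin_file config/keystore.pin || return 1
    [ -r config/keystore.jks ] || { echo "cannot read config/keystore.jks" >&2; return 1; }
    [ -r config/truststore.jks ] || { echo "cannot read config/truststore.jks" >&2; return 1; }
    check_server_cert config/keystore.jks config/keystore.pin server-cert
}

# Invoke as "sh preflight.sh run" from the server root; sourcing only defines the functions.
if [ "${1:-}" = "run" ]; then
    preflight
fi
```

A non-zero exit means setup should not be started until the reported file or keystore entry is corrected.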