Installing the server with a truststore
About this task
If you’ve already configured a trust store, you can use the setup
command to enable security. The following example enables SSL security and specifies a Java KeyStore (JKS) and truststore that define the server certificate and trusted certificate authority (CA). The passwords for the keystore files are defined in the corresponding .pin
files, where the password displays on the first line of the file. The values in the .pin
files are copied to the server-root/config
directory in the keystore.pin
and truststore.pin
files.
Steps
-
To install a PingDirectoryProxy server with a truststore, run the
setup
command.
$ env JAVA_HOME=/ds/java ./setup \
--no-prompt --rootUserDN "cn=Directory Manager" \
--rootUserPassword "password" \
--ldapPort 389 --ldapsPort 636 \
--useJavaKeystore /path/to/devkeystore.jks \
--keyStorePasswordFile /path/to/devkeystore.pin \
--certNickName server-cert \
--useJavaTrustStore /path/to/devtruststore.jks \
--acceptLicense \
--instanceName ds1 --location Denver
In order to update the trust store, the password must be provided
See 'prepare-external-server --help' for general overview
Testing connection to ds-east-01.example.com:1636 ..... Done
Testing 'cn=Proxy User,cn=Root DNs,cn=config' access .....
Created 'cn=Proxy User,cn=Root DNs,cn=config'
Testing 'cn=Proxy User,cn=Root DNs,cn=config' access ..... Done
Testing 'cn=Proxy User,cn=Root DNs,cn=config' privileges ..... Done
Verifying backend 'dc=example,dc=com' ..... Done