PingDirectory

Installing the server with a truststore

About this task

If you’ve already configured a trust store, you can use the setup command to enable security. The following example enables SSL security and specifies a Java KeyStore (JKS) and truststore that define the server certificate and trusted certificate authority (CA). The passwords for the keystore files are defined in the corresponding .pin files, where the password displays on the first line of the file. The values in the .pin files are copied to the server-root/config directory in the keystore.pin and truststore.pin files.

Steps

  1. To install a PingDirectoryProxy server with a truststore, run the setup command.

$ env JAVA_HOME=/ds/java ./setup \
  --no-prompt --rootUserDN "cn=Directory Manager" \
  --rootUserPassword "password" \
  --ldapPort 389 --ldapsPort 636 \
  --useJavaKeystore /path/to/devkeystore.jks \
  --keyStorePasswordFile /path/to/devkeystore.pin \
  --certNickName server-cert \
  --useJavaTrustStore /path/to/devtruststore.jks \
  --acceptLicense \
  --instanceName ds1 --location Denver

In order to update the trust store, the password must be provided

See 'prepare-external-server --help' for general overview

Testing connection to ds-east-01.example.com:1636 ..... Done
Testing 'cn=Proxy User,cn=Root DNs,cn=config' access .....
Created 'cn=Proxy User,cn=Root DNs,cn=config'

Testing 'cn=Proxy User,cn=Root DNs,cn=config' access ..... Done
Testing 'cn=Proxy User,cn=Root DNs,cn=config' privileges ..... Done
Verifying backend 'dc=example,dc=com' ..... Done