Class Security


  • public final class Security
    extends Object
    Utility class to create secure peer-to-peer communications settings in a newly set up OpenDJ instance.

    Securing communications means providing:

    • Certificate(s) which represent server identity
    • The certificate of the CA signing all servers' certificates
    • Optionally a list of certificates of trusted servers

    Different strategies can be used:

    • Use the server's deployment ID. This is the default behavior and is suitable when the server is set up in a private network. In other words, this strategy is not appropriate for public-facing services, for which a public CA certificate and SSL key-pair are generally needed.
    • Provide an existing CA cert and SSL key-pair. This strategy is more complex to configure but should generally be used when implementing public-facing services or when the network security policy mandates the use of externally acquired and approved SSL assets.
    See Also:
    OPENDJ-5866