The server presents a server certificate when a client uses a protocol like LDAPS or HTTPS to initiate a secure connection. A client must trust the server's certificate to obtain a secure connection to it.
PingAuthorize Server uses server certificates.
During setup, administrators have the option of using self-signed certificates or certificate authority (CA)-signed certificates for the server certificate. Use CA-signed certificates wherever possible. Use self-signed certificates for demonstration and proof-of-concept environments only.
If you specify the --generateSelfSignedCertificate option during setup, the server certificate is generated automatically with the alias server-cert. The key pair, consisting of the private key and the self-signed certificate, is stored in a file named keystore, which resides in the server's /config directory. The certificates for all the servers that the server trusts are stored in the truststore file, which is also located under the server's /config directory.
To override the server certificate alias and the files that store the key pair and certificates, use the following arguments during setup:
- --certNickname
- --use*Keystore
- --use*Truststore
For more information about these arguments, see the setup tool’s Help and the Installation Guide.
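To audit the guidance above that self-signed certificates belong only in demonstration and proof-of-concept environments, the following added example (not part of the product documentation) classifies a PEM-encoded server certificate as self-signed or CA-signed. It assumes the openssl command-line tool is installed and that the certificate has already been exported to a PEM file; the function names, file names and .example host names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a server certificate as self-signed or CA-signed.

# cert_kind PEM_FILE
# Prints "self-signed", "ca-signed", or "self-issued-unverified".
cert_kind() {
  pem="$1"
  subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253) || return 2
  issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253) || return 2
  subject=${subject#subject=}
  issuer=${issuer#issuer=}
  if [ "$subject" != "$issuer" ]; then
    echo "ca-signed"            # issued by a different entity
  elif openssl verify -CAfile "$pem" "$pem" >/dev/null 2>&1; then
    echo "self-signed"          # names itself as issuer and verifies under its own key
  else
    # Subject equals issuer, but verification against itself failed
    # (for example, the certificate has expired or a different key signed it).
    echo "self-issued-unverified"
  fi
}

# make_demo_certs DIR
# Builds constructed sample input: a self-signed certificate (ca.pem),
# which also acts as a demo CA, and a leaf certificate it signs (leaf.pem).
make_demo_certs() {
  dir="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca.example" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -out "$dir/leaf.pem" 2>/dev/null
}

# Demo run on the constructed certificates.
demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
echo "ca.pem:   $(cert_kind "$demo_dir/ca.pem")"
echo "leaf.pem: $(cert_kind "$demo_dir/leaf.pem")"
rm -rf "$demo_dir"
```

A result of self-signed for a certificate serving a production listener indicates that the server was set up with the demonstration option rather than a CA-signed certificate.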