You can set up the Directory Server for secure communication using an existing keystore and truststore. This section assumes that you already have a keystore containing the server certificate and its private key, and a truststore containing the certificates of the CAs you trust.

  • Unzip the distribution ZIP file, review Before You Begin, and then, from the server root directory, run setup with the --cli and --no-prompt options for non-interactive mode. The following example enables security using both SSL (LDAPS on port 636) and StartTLS (on the LDAP port 389). It also specifies a JKS keystore that holds the server certificate and a JKS truststore that holds the trusted CA certificate. The userRoot database contents will remain empty and the base DN entry will not be created.
    $ ./setup --cli --no-prompt --rootUserPassword "password" \
      --baseDN "dc=example,dc=com" --ldapPort 389 --enableStartTLS \
      --ldapsPort 636 --useJavaKeystore config/keystore.jks \
      --keyStorePasswordFile config/keystore.pin \
      --certNickName server-cert --useJavaTrustStore config/truststore.jks \
      --acceptLicense
    The private key in the keystore is expected to be protected by the same password as the keystore itself. If it is not, set the private key password with the Administrative Console or the dsconfig tool by editing the Key Manager Provider configuration object that references the keystore (the JKS key manager provider for the example above); the Trust Manager Provider only references the truststore and holds no private key. The keystore password file (config/keystore.pin in the example) must be readable only by the account that runs the server, since anyone who can read it can extract the private key. Note also that a password passed directly on the command line, as with --rootUserPassword above, is visible in process listings and shell history; where setup offers a password-file form of an option (see setup --help), prefer it.
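The following pre-flight script is an added example, not part of the Directory Server documentation or its tooling. It checks the things the procedure above silently depends on before running setup: that the keystore and root password files are single-line and not group/world readable, that the certificate nickname exists in the keystore, and that the private key is recoverable with the keystore password (the condition setup expects). The paths, the certificate nickname and the RUN_PREFLIGHT switch are illustrative assumptions; the --rootUserPasswordFile option is assumed to be supported by your version of setup (confirm with setup --help); keytool from the JDK is optional and the keystore check is skipped when it is absent.

```shell
#!/bin/sh
# Pre-flight checks before the non-interactive setup shown above.
# Added example; not part of the Directory Server documentation or tooling.
# Assumptions: the paths, cert nickname and RUN_PREFLIGHT switch are illustrative;
# --rootUserPasswordFile is assumed to be supported by setup (check ./setup --help);
# keytool (JDK) is optional and the keystore check is skipped if it is not on PATH.

KEYSTORE="${KEYSTORE:-config/keystore.jks}"
TRUSTSTORE="${TRUSTSTORE:-config/truststore.jks}"
PIN_FILE="${PIN_FILE:-config/keystore.pin}"
ROOT_PW_FILE="${ROOT_PW_FILE:-config/root.pw}"
CERT_NICKNAME="${CERT_NICKNAME:-server-cert}"

# Write a one-line password file that only the invoking user can read.
write_pin_file() {
    file="$1"; pin="$2"
    old_umask=$(umask)
    umask 077
    rm -f "$file"
    printf '%s\n' "$pin" > "$file"
    umask "$old_umask"
    chmod 600 "$file"
}

# Return 0 only if the file exists, holds at most one line and is not
# accessible by group or others. ls -l is parsed for portability, since
# stat flags differ between GNU and BSD.
check_pin_file() {
    file="$1"
    [ -s "$file" ] || { echo "$file: missing or empty" >&2; return 1; }
    lines=$(wc -l < "$file" | tr -d ' ')
    [ "$lines" -le 1 ] || { echo "$file: must be a single line" >&2; return 1; }
    mode=$(ls -ld "$file" | cut -c1-10)
    case "$mode" in
        ????------) return 0 ;;
        *) echo "$file: group/world accessible ($mode)" >&2; return 1 ;;
    esac
}

# Verify the nickname exists and that the private key can be recovered with
# the keystore password, which is what setup expects. keytool -certreq only
# reads the entry (the CSR goes to stdout and is discarded), so the keystore
# is not modified. The passwords are read from the PIN file rather than being
# placed on the keytool command line. Skipped when keytool is not on PATH.
check_keystore_entry() {
    ks="$1"; nickname="$2"; pin_file="$3"
    command -v keytool >/dev/null 2>&1 \
        || { echo "keytool not found; skipping keystore check" >&2; return 0; }
    keytool -list -keystore "$ks" -storepass:file "$pin_file" -alias "$nickname" >/dev/null 2>&1 \
        || { echo "$ks: no entry named $nickname" >&2; return 1; }
    keytool -certreq -keystore "$ks" -storepass:file "$pin_file" -keypass:file "$pin_file" \
        -alias "$nickname" >/dev/null 2>&1 \
        || { echo "$ks: private key for $nickname is not protected by the keystore password;" \
                  "set it on the key manager provider" >&2; return 1; }
}

# Same invocation as the documented example, except that the root password is
# read from a file so it does not appear in process listings or shell history.
run_setup() {
    ./setup --cli --no-prompt --rootUserPasswordFile "$ROOT_PW_FILE" \
      --baseDN "dc=example,dc=com" --ldapPort 389 --enableStartTLS \
      --ldapsPort 636 --useJavaKeystore "$KEYSTORE" \
      --keyStorePasswordFile "$PIN_FILE" \
      --certNickName "$CERT_NICKNAME" --useJavaTrustStore "$TRUSTSTORE" \
      --acceptLicense
}

# Usage, from the server root directory:  RUN_PREFLIGHT=1 sh preflight.sh
if [ "${RUN_PREFLIGHT:-0}" = 1 ]; then
    check_pin_file "$PIN_FILE" || exit 1
    check_pin_file "$ROOT_PW_FILE" || exit 1
    [ -s "$TRUSTSTORE" ] || { echo "$TRUSTSTORE: missing or empty" >&2; exit 1; }
    check_keystore_entry "$KEYSTORE" "$CERT_NICKNAME" "$PIN_FILE" || exit 1
    run_setup
fi
```

The permission check is deliberately strict: a PIN file that is group-readable fails even if the group happens to be the server's own, because the file only ever needs to be readable by the one account that launches the server. The keystore check uses keytool -certreq rather than keytool -keypasswd so that a mismatch is reported without rewriting the keystore.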