Run setup or manage-profile setup with
the following important arguments:
- Indicates that you want to configure the server to use a PKCS #11 token to access the listener certificate.
- Specifies the path to the provider configuration file that tells the JVM how to access the PKCS #11 token.
- Specifies the path to the file containing the user PIN needed to interact with the PKCS #11 token.
$ ./setup \ --no-prompt \ --noPropertiesFile \ --acceptLicense \ --localHostName demo.example.com \ --ldapPort 1389 \ --ldapsPort 1636 \ --httpsPort 1443 \ --usePKCS11KeyStore \ --pkcs11ProviderConfigFile config/path/to/provider.conf \ --keyStorePasswordFile /path/to/pkcs11/user.pin \ --encryptDataWithPassphraseFromFile config/encryption-settings.pin \ --baseDN dc=example,dc=com \ --rootUserDN "cn=Directory Manager" \ --rootUserPasswordFile config/pre-encoded-root-user-password.txt \ --instanceName demo-instance \ --location demo-location Ping Identity Directory Server 18.104.22.168 Initializing ..... Done Configuring Directory Server ..... Server tools will be configured with a minimal heap size due to limited system memory available. If out of memory errors occur, it will be necessary to increase tool memory settings in java.properties and run dsjavaproperties for the changes to take effect. Configuring Directory Server ..... Done Configuring Certificates ..... Done Starting Directory Server ..... Done Access product documentation from docs/index.htmlNote:
If you don't specify any trust store-related properties, then setup automatically generates a trust store populated with just the listener certificate, which works if the token is configured with a self-signed certificate, or if you’re using a certificate signed by an authority that is already included in the JVM’s default trust store.
However, if you’re using a certificate signed by a private authority, then you likely want to either provide an existing trust store, such as in JKS or PKCS #12 format, or you want to use the --trustedCertificatePEMFile argument to specify the paths to PEM files for any appropriate issuer certificates that you want to include in the trust store.
Page created: 26 Jul 2021 |
Page updated: 14 Jan 2022