The following sample command line sets up the server in FIPS
140-2-compliant mode. The server accepts only TLS-encrypted LDAP on port
636 and TLS-encrypted HTTP on port 443, and doesn't allow unencrypted
connections from either LDAP or HTTP clients. BCFKS key and trust stores
are generated from information provided in PEM files, and an encryption
settings definition is generated from a specified passphrase.

./setup \
     --fips-provider BCFIPS \
     --no-prompt \
     --acceptLicense \
     --localHostName ds1.example.com \
     --ldapsPort 636 \
     --httpsPort 443 \
     --baseDN "dc=example,dc=com" \
     --rootUserDN "cn=Directory Manager" \
     --rootUserPasswordFile /path/to/root-pw.txt \
     --maxHeapSize 2g \
     --primeDB \
     --sampleData 10001 \
     --certificateChainPEMFile /path/to/server-cert.pem \
     --certificateChainPEMFile /path/to/ca-cert.pem \
     --certificatePrivateKeyPEMFile /path/to/server-key.pem \
     --trustedCertificatePEMFile /path/to/ca-cert.pem \
     --encryptDataWithPassphraseFromFile /path/to/encryption-passphrase.txt \
     --instanceName ds1 \
     --location example-location \
     --noPropertiesFile
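
A pre-flight check that can be run before the setup command above, as an added example that is not part of the original documentation or the product. It confirms that the certificate and key PEM files contain the block types the options expect, and that the private key, root password, and passphrase files are non-empty and not accessible to group or other (a hardening assumption made here, not a requirement stated on this page). The function names and the `--demo` switch are hypothetical, and the sample files are constructed placeholders.

```shell
# Added example (not product code): pre-flight checks for files given to ./setup.

# Count PEM blocks in file $1 whose BEGIN label matches regex $2.
pem_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -- "^-----BEGIN $2-----" "$1" || true
}

# Succeed only if $1 is a non-empty regular file with no group/other permission bits.
is_private() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# check_setup_inputs SERVER_CERT CA_CERT SERVER_KEY ROOT_PW_FILE PASSPHRASE_FILE
# Prints one line per problem; the return status is the number of problems.
check_setup_inputs() {
    problems=0
    for f in "$1" "$2"; do
        [ "$(pem_count "$f" 'CERTIFICATE')" -ge 1 ] ||
            { echo "no PEM certificate in $f"; problems=$((problems + 1)); }
    done
    [ "$(pem_count "$3" '.*PRIVATE KEY')" -eq 1 ] ||
        { echo "expected exactly one PEM private key in $3"; problems=$((problems + 1)); }
    for f in "$3" "$4" "$5"; do
        is_private "$f" ||
            { echo "$f is missing, empty, or accessible to group/other"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Constructed sample files (placeholder bodies, not real key material).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$d/server-cert.pem"
    cp "$d/server-cert.pem" "$d/ca-cert.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' > "$d/server-key.pem"
    echo 'constructed-pw' > "$d/root-pw.txt"
    echo 'constructed-passphrase' > "$d/encryption-passphrase.txt"
    chmod 600 "$d/server-key.pem" "$d/root-pw.txt"
    chmod 644 "$d/encryption-passphrase.txt"   # deliberately too open: one problem expected
    rc=0
    check_setup_inputs "$d/server-cert.pem" "$d/ca-cert.pem" "$d/server-key.pem" \
        "$d/root-pw.txt" "$d/encryption-passphrase.txt" || rc=$?
    rm -rf "$d"
    return "$rc"
}

case "${1:-}" in --demo) demo ;; ?*) check_setup_inputs "$@" ;; esac
```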