If you've already configured a trust store, you can use the setup tool to enable security. The following example enables SSL security and specifies a Java KeyStore (JKS) and truststore that define the server certificate and trusted certificate authority (CA). The passwords for the keystore files are stored in the corresponding .pin files, with the password on the first line of each file. The values in the .pin files are copied to the keystore.pin and truststore.pin files in the server-root/config directory.

  • To install a Directory Server with a truststore, run the setup tool.
    $ env JAVA_HOME=/ds/java ./setup \
      --no-prompt --rootUserDN "cn=Directory Manager" \
      --rootUserPassword "password" \
      --ldapPort 389 --ldapsPort 636 \
      --useJavaKeystore /path/to/devkeystore.jks \
      --keyStorePasswordFile /path/to/devkeystore.pin \
      --certNickName server-cert \
      --useJavaTrustStore /path/to/devtruststore.jks \
      --acceptLicense \
      --instanceName ds1 --location Denver
    In order to update the trust store, the password must be provided
    See 'prepare-external-server --help' for general overview
    Testing connection to ds-east-01.example.com:1636 ..... Done
    Testing 'cn=Proxy User,cn=Root DNs,cn=config' access .....
    Created 'cn=Proxy User,cn=Root DNs,cn=config'
    Testing 'cn=Proxy User,cn=Root DNs,cn=config' access ..... Done
    Testing 'cn=Proxy User,cn=Root DNs,cn=config' privileges ..... Done
    Verifying backend 'dc=example,dc=com' ..... Done
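
The .pin files described above hold keystore passwords in clear text, so it is worth checking them before running setup. The following is an added example, not part of the product or its documentation: the function names and return codes are hypothetical, and the paths in the usage comment are the placeholders from the command above.

```bash
# Added example: pre-flight checks for the .pin files handed to setup.
# Function names and return codes are this example's own (hypothetical).

# check_pin FILE -> 0 ok, 1 missing, 2 empty first line,
#                   3 trailing whitespace/CR, 4 group/other access
check_pin() {
  pin_file=$1
  pin_first=
  if [ ! -f "$pin_file" ] || [ ! -r "$pin_file" ]; then
    echo "$pin_file: missing or unreadable" >&2; return 1
  fi
  # The password is expected on the first line of the file.
  IFS= read -r pin_first < "$pin_file" || true
  if [ -z "$pin_first" ]; then
    echo "$pin_file: first line is empty" >&2; return 2
  fi
  # A CR or trailing blank (Windows editors, copy/paste) may be read as
  # part of the password, so flag it before the keystore fails to open.
  case $pin_first in
    *[[:space:]]) echo "$pin_file: trailing whitespace or CR" >&2; return 3 ;;
  esac
  # Mode bits for group and others must all be '-' (e.g. -rw-------).
  pin_perms=$(ls -ld -- "$pin_file" | cut -c5-10)
  if [ "$pin_perms" != "------" ]; then
    echo "$pin_file: accessible to group/others ($pin_perms)" >&2; return 4
  fi
  return 0
}

# check_keystore KEYSTORE PINFILE ALIAS -> 0 if the pin opens the store
# and ALIAS exists; 5 if keytool is not on PATH, 6 on any keytool error.
check_keystore() {
  command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 5; }
  keytool -list -keystore "$1" -storepass:file "$2" -alias "$3" >/dev/null 2>&1 \
    || { echo "$1: wrong password or no alias '$3'" >&2; return 6; }
}

# Usage before running setup:
#   check_pin /path/to/devkeystore.pin &&
#   check_keystore /path/to/devkeystore.jks /path/to/devkeystore.pin server-cert
```

The same check_pin call applies to the keystore.pin and truststore.pin copies under server-root/config after setup completes.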