If you've already configured a truststore, you can use the setup tool to enable security. The following example enables SSL security and specifies a Java KeyStore (JKS) and truststore that define the server certificate and trusted certificate authority (CA). The passwords for the keystore files are defined in the corresponding .pin files, each of which holds its password on the first line of the file. The setup tool copies the values in the .pin files to the keystore.pin and truststore.pin files in the server-root/config directory.

  • To install a PingDirectoryProxy server with a truststore, run the setup tool.
    $ env JAVA_HOME=/ds/java ./setup \
      --no-prompt --rootUserDN "cn=Directory Manager" \
      --rootUserPassword "password" \
      --ldapPort 389 --ldapsPort 636 \
      --useJavaKeystore /path/to/devkeystore.jks \
      --keyStorePasswordFile /path/to/devkeystore.pin \
      --certNickName server-cert \
      --useJavaTrustStore /path/to/devtruststore.jks \
      --acceptLicense \
      --instanceName ds1 --location Denver
      
    In order to update the trust store, the password must be provided
    
    See 'prepare-external-server --help' for general overview
    
    Testing connection to ds-east-01.example.com:1636 ..... Done
    Testing 'cn=Proxy User,cn=Root DNs,cn=config' access .....
    Created 'cn=Proxy User,cn=Root DNs,cn=config'
    
    Testing 'cn=Proxy User,cn=Root DNs,cn=config' access ..... Done
    Testing 'cn=Proxy User,cn=Root DNs,cn=config' privileges ..... Done
    Verifying backend 'dc=example,dc=com' ..... Done
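
A pre-flight check for the keystore and .pin files passed to setup above, written as an added example that is not part of the product documentation. The function names are hypothetical, and the script assumes GNU stat (Linux) and a JDK keytool on the PATH.

```shell
#!/bin/sh
# Added example: validate the .pin file and keystore before running setup.
# Assumptions: GNU stat (Linux); keytool from a JDK is on PATH.

# Print the password: the first line of the .pin file, with any CR removed.
pin_password() {
    head -n 1 "$1" | tr -d '\r'
}

# Return 0 if the .pin file is readable, has a non-empty first line, and
# grants no access to group or other; otherwise explain and return 1.
check_pin() {
    pin=$1
    [ -f "$pin" ] && [ -r "$pin" ] || { echo "$pin: missing or unreadable" >&2; return 1; }
    [ -n "$(pin_password "$pin")" ] || { echo "$pin: first line is empty" >&2; return 1; }
    mode=$(stat -c '%a' "$pin")
    case $mode in
        *00) ;;   # owner-only modes such as 600 or 400
        *) echo "$pin: mode $mode exposes the password to group/other" >&2; return 1 ;;
    esac
}

# Return 0 if the keystore opens with the .pin password and contains the
# alias that will be given to --certNickName.
check_keystore() {
    ks=$1 pin=$2 alias=$3
    check_pin "$pin" || return 1
    [ -f "$ks" ] || { echo "$ks: keystore not found" >&2; return 1; }
    # -storepass:file makes keytool read the password from the file, so it
    # never appears in the process argument list.
    keytool -list -keystore "$ks" -storepass:file "$pin" -alias "$alias" >/dev/null || {
        echo "$ks: wrong password or alias '$alias' not present" >&2
        return 1
    }
}

# Usage: sh preflight.sh /path/to/devkeystore.jks /path/to/devkeystore.pin server-cert
if [ "$#" -eq 3 ]; then
    check_keystore "$@"
    exit $?
fi
```

Run it with the same keystore path, .pin path and certificate nickname that you pass to setup; a non-zero exit status means setup would fail on that file or would copy a password from a file that other accounts can read.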