Red Hat Directory Server 8.0 Administrator's Guide
[2] The commands to start, stop, and restart the Directory Server on platforms other than Red Hat Enterprise Linux are
described in Section 3, “Starting and Stopping Servers”.
service dirsrv restart instance [2]
When the server restarts, it prompts for the PIN or password to unlock the key database. This
is the same password used when the server certificate and key were imported into the
database.
To restart the Directory Server without the password prompt, create a PIN file or use a
hardware crypto device. See Section 4.3, “Creating a Password File for the Directory Server”
for information on how to create a PIN file.
4.2. Enabling TLS/SSL in the Directory Server, Administration Server, and Console
1. Obtain server certificates and CA certs, and install them on the Directory Server. This is
described in Section 2, “Obtaining and Installing Server Certificates”.
2. Obtain and install server and CA certificates on the Administration Server. The process is
similar to the one for the Directory Server.
NOTE
It is important that the Administration Server and Directory Server have a CA
certificate in common so that they can trust each other's certificates.
3. If the default port number of 636 is not used, change the secure port setting.
a. Change the secure port number in the Configuration>Settings tab of the Directory
Server Console, and save.
b. Restart the Directory Server. It restarts over the regular port.
service dirsrv restart instance [2]
4. In the Configuration tab of the Directory Server Console, highlight the server name at the
top of the table, and select the Encryption tab.
5. Select the Enable SSL checkbox.
6. Check the Use this Cipher Family checkbox.
7. Select the certificate to use from the drop-down menu.
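The console settings in steps 3 and 5 to 7 are stored as attributes in the instance's configuration. As an added example (not part of the guide), this Python check reads a dse.ldif and reports which of those steps has not taken effect. The attribute-to-step mapping and the sample LDIF are assumptions constructed for illustration.

```python
import re

# Constructed sample of the relevant dse.ldif entries (not from a real server).
SAMPLE_DSE = """\
dn: cn=config
nsslapd-port: 389
nsslapd-security: on
nsslapd-securePort: 1636

dn: cn=RSA,cn=encryption,cn=config
nsSSLToken: internal (software)
nsSSLActivation: off
"""

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: [values]}}; unfolds continuation lines."""
    text = re.sub(r"\r?\n ", "", text)  # LDIF folds long lines with a leading space
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower().replace(" ", "")] = attrs
    return entries

def audit_tls(entries):
    """List the console steps whose setting is missing or off."""
    # Assumed mapping of console steps to Directory Server configuration attributes.
    def first(dn, attr):
        return (entries.get(dn, {}).get(attr.lower()) or [""])[0]
    cfg, rsa = "cn=config", "cn=rsa,cn=encryption,cn=config"
    problems = []
    if first(cfg, "nsslapd-security").lower() != "on":
        problems.append("step 5: SSL not enabled (nsslapd-security)")
    port = first(cfg, "nsslapd-securePort")
    if not port.isdigit() or not 0 < int(port) < 65536:
        problems.append("step 3: no valid secure port (nsslapd-securePort)")
    if first(rsa, "nsSSLActivation").lower() != "on":
        problems.append("step 6: RSA cipher family not activated (nsSSLActivation)")
    if not first(rsa, "nsSSLPersonalitySSL"):
        problems.append("step 7: no certificate selected (nsSSLPersonalitySSL)")
    return problems

if __name__ == "__main__":
    for p in audit_tls(parse_ldif(SAMPLE_DSE)):
        print("FAIL", p)
```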
Chapter 11. Managing SSL