Importing Certificates
168 Sun ONE Directory Server Installation and Tuning Guide • June 2003
5. Make the external security module the default for RSA, DSA, RC4, and DES.
$ ./modutil -default "Crypto Mod" -dbdir ../../alias \
-mechanisms "RSA:DSA:RC4:DES" -dbprefix "slapd-serverID"
This should successfully change the default security module.
At this point you have generated bindings for the accelerator board and may
import certificates.
Importing Certificates
Before configuring SSL, you must import the server and CA certificates you
obtained as described in Table B-1 on page 165. Perform the following steps to
import the certificates.
1. Import the server certificate .p12 file.
$ cd ServerRoot/shared/bin
$ ./pk12util -i ServerCert.p12 -d ../../alias -P "slapd-serverID" \
-h "nobody@dsrealm"
Enter Password or Pin for "nobody@dsrealm": password
Enter Password for PKCS12 file: password
2. Import the CA certificate.
$ ./certutil -A -n "Crypto CA Cert" -t CT -i CACert.txt \
-d ../../alias -P "slapd-serverID" -h "nobody@dsrealm"
3. List the certificates associated with the token to ensure the imports succeeded.
$ ./certutil -L -d ../../alias -P "slapd-serverID" \
-h "nobody@dsrealm"
You should see entries for the certificates you added in Step 1 and Step 2.
At this point you have imported the certificates and may configure Directory
Server to listen for SSL connections.
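The check in Step 3 can be scripted. The following is an added example, not part of the original guide: it reads a certutil -L listing on standard input and confirms that the CA certificate carries the C and T trust flags requested by -t CT and that the server certificate shows the u flag (a matching private key was found). The nickname "Server-Cert", the sample listing, and the listing layout (nickname followed by a trust field such as "CT,," as the last field) are assumptions.

```shell
#!/bin/sh
# Added example, not from the guide. Checks a `certutil -L` listing on stdin.
# Assumed listing format: nickname, whitespace, then a trust field such as
# "CT,," or "u,u,u" (SSL,S/MIME,object signing) as the last field of the line.

# trust_of NICKNAME: print the trust field listed for NICKNAME (empty if absent).
# A "token:" prefix such as "nobody@dsrealm:" before the nickname is accepted.
trust_of() {
    awk -v want="$1" '
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            flags = $NF
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # strip the trust field
            sub(/^[ \t]+/, "", name)                # strip leading blanks
            n = length(name); w = length(want)
            if (name == want || (n > w && substr(name, n - w) == (":" want))) {
                print flags
                exit
            }
        }'
}

# check_import CA_NICKNAME SERVER_NICKNAME: read the listing on stdin.
# Succeeds only if the CA certificate carries C and T in its SSL trust field
# (what -t CT requests) and the server certificate shows u (private key found).
check_import() {
    listing=$(cat)
    ca=$(printf '%s\n' "$listing" | trust_of "$1")
    srv=$(printf '%s\n' "$listing" | trust_of "$2")
    rc=0
    case "${ca%%,*}" in *C*) ;; *) echo "CA cert '$1': missing or no C trust" >&2; rc=1 ;; esac
    case "${ca%%,*}" in *T*) ;; *) echo "CA cert '$1': missing or no T trust" >&2; rc=1 ;; esac
    case "${srv%%,*}" in *u*) ;; *) echo "server cert '$2': missing or no private key" >&2; rc=1 ;; esac
    return "$rc"
}

# Constructed sample listing; "Server-Cert" is an assumed nickname.
SAMPLE='Certificate Nickname                 Trust Attributes

nobody@dsrealm:Server-Cert           u,u,u
nobody@dsrealm:Crypto CA Cert        CT,,'

printf '%s\n' "$SAMPLE" | check_import "Crypto CA Cert" "Server-Cert" && echo "imports verified"
```

Against a live installation, pipe the output of the Step 3 command into check_import with the nicknames you used.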
Configuring SSL
Using the token and password you created, bindings you generated between the
external security module and Directory Server certificate database, and the
certificates you imported, you may configure Directory Server to start in secure
mode. Perform these steps to configure SSL and restart Directory Server in secure
mode.