This blog is all about the SOA Technology and LDAP

Wednesday, April 22, 2009

Steps to configure Open DS with SSL

Step 1 :- Create keystore

C:\Documents and Settings\Raghuvir Kamath> keytool -genkey -alias server-cert -keyalg rsa -dname "CN=compapps.india.sun.com,O=SMI,C=IN" -keystore keystore -storetype JKS
Enter keystore password:adminadmin
Re-enter new password:adminadmin
Enter key password for <server-cert>
        (RETURN if same as keystore password):

This creates a file named "keystore" in C:\Documents and Settings\Raghuvir Kamath.

Step 2:- Self-sign the keystore

Self-sign the certificate using keytool:

D:\LDAP\openDS>keytool -selfcert -alias server-cert -validity 1825 -keystore keystore -storetype JKS

Enter keystore password:adminadmin

Step 3 :- Export the public key

D:\LDAP\openDS>keytool -export -alias server-cert -file server-cert.txt -rfc -keystore keystore

Enter keystore password:
Certificate stored in file <server-cert.txt>

Step 4:- Create a new truststore

keytool -import -alias server-cert -file server-cert.txt -keystore truststore -storetype JKS

Type yes when you are prompted about whether you want to trust the certificate.

This step is needed only if the SSL and StartTLS settings were not specified during installation, or if you want to change those settings.

Step 5:- Install Open DS

Install Open DS 1.0.0 using the web installer from https://opends.dev.java.net/


Step 6:- Configure SSL during installation

During installation, configure OpenDS for SSL and choose to use an existing keystore: give the keystore from step 2 as input. Refer to the screenshots for this.

To check whether SSL and TLS are enabled on your LDAP server, run statuspanel.bat from your LDAP server installation folder.
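
Because the certificate is self-signed, the only reference a client has is the file exported in Step 3. The script below is an added example, not part of the original post: it checks that the certificate a running server presents is identical to server-cert.txt before that certificate is trusted. The script name check_pin.py and the default port 636 are assumptions.

```python
# Added example, not from the original post: pin check for the Step 3 export.
import hashlib
import hmac
import socket
import ssl
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_fingerprint(der):
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def pem_fingerprint(pem_text):
    """Fingerprint of the first certificate in `keytool -export -rfc` output."""
    start = pem_text.find(BEGIN)
    stop = pem_text.find(END, start)
    if start < 0 or stop < 0:
        raise ValueError("no PEM certificate block found")
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:stop + len(END)])
    return der_fingerprint(der)

def fetch_server_der(host, port, timeout=10):
    """Return the certificate the server presents, without validating it.

    Chain and hostname checks are off on purpose: a self-signed certificate
    has no CA to chain to, so the fingerprint comparison is the trust check.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def matches_pin(exported_pem_text, presented_der):
    """True only if the server's certificate is byte-identical to the export."""
    return hmac.compare_digest(pem_fingerprint(exported_pem_text),
                               der_fingerprint(presented_der))

if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: check_pin.py server-cert.txt HOST [PORT]")
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 636  # assumed LDAPS port
    with open(sys.argv[1], encoding="ascii") as fh:
        ok = matches_pin(fh.read(), fetch_server_der(sys.argv[2], port))
    print("certificate matches export" if ok else "MISMATCH: do not trust")
    sys.exit(0 if ok else 1)
```

Run it against the host named in the certificate's CN and the LDAPS port chosen during installation; a non-zero exit status means the server is presenting a different certificate from the one exported.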
