-
Notifications
You must be signed in to change notification settings - Fork 139
Installation with Secure Database Connection
Endi S. Dewata edited this page Sep 14, 2023
·
1 revision
- Installing CA with Secure Database Connection
- Installing KRA with Secure Database Connection
- Installing OCSP with Secure Database Connection
- Installing TKS with Secure Database Connection
- Installing TPS with Secure Database Connection
To install a new PKI subsystem using secure DS connection, add the following parameters into the deployment configuration file:
pki_ds_secure_connection=True pki_ds_hostname=<font color="red">server.example.com</font> pki_ds_ldaps_port=636 pki_ds_secure_connection_ca_nickname=<font color="red">ds_signing</font> pki_ds_secure_connection_ca_pem_file=<font color="red">ds_signing.crt</font>
The DS certificate will be imported into PKI's NSS database with the specified nickname.
Verify in DS access log (/var/log/dirsrv/slapd-pki-tomcat/access) that PKI server is connecting using SSL:
[29/Jun/2016:23:20:40 +0200] conn=36 fd=64 slot=64 SSL connection from <font color="red">server.example.com</font> to <font color="red">server.example.com</font> [29/Jun/2016:23:20:40 +0200] conn=36 TLS1.2 128-bit AES
Verify PKI server can communicate with the DS with the following command:
$ pki ca-cert-find
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |