Skip to content

Installation with Secure Database Connection

Endi S. Dewata edited this page Sep 14, 2023 · 1 revision

PKI 10.7 or Newer

PKI 10.6 or Older

To install a new PKI subsystem using secure DS connection, add the following parameters into the deployment configuration file:

 pki_ds_secure_connection=True
 pki_ds_hostname=<font color="red">server.example.com</font>
 pki_ds_ldaps_port=636
 pki_ds_secure_connection_ca_nickname=<font color="red">ds_signing</font>
 pki_ds_secure_connection_ca_pem_file=<font color="red">ds_signing.crt</font>

The DS certificate will be imported into PKI's NSS database with the specified nickname.

Verify in DS access log (/var/log/dirsrv/slapd-pki-tomcat/access) that PKI server is connecting using SSL:

 [29/Jun/2016:23:20:40 +0200] conn=36 fd=64 slot=64 SSL connection from <font color="red">server.example.com</font> to <font color="red">server.example.com</font>
 [29/Jun/2016:23:20:40 +0200] conn=36 TLS1.2 128-bit AES

Verify PKI server can communicate with the DS with the following command:

 $ pki ca-cert-find

See Also

Clone this wiki locally