When you create a Directory Proxy Server instance, a default self-signed certificate is automatically provided. If you want to create a self-signed certificate with non-default settings, use this procedure.
The procedure creates the public and private key pair for a server certificate, where the public key is signed by Directory Proxy Server. A self-signed certificate is valid for three months.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
To create a non-default self-signed certificate for Directory Proxy Server, type:
$ dpadm add-selfsign-cert instance-path cert-alias
where cert-alias is the name of the self-signed certificate.
For example, you could create a certificate called my-self-signed-cert as follows:
$ dpadm add-selfsign-cert /local/dps my-self-signed-cert
For a description of all command options, see the dpadm(1M) man page or type dpadm add-selfsign-cert --help at the command line.