Sun Directory Server Enterprise Edition 7.0 Administration Guide

Exporting a Certificate to a Back-End LDAP Server

Back-end LDAP servers might require a certificate from Directory Proxy Server. This section describes how to configure Directory Proxy Server to export a certificate to a back-end LDAP server.

To Configure Directory Proxy Server to Export a Client Certificate to a Back-End LDAP Server

  1. Specify the certificate to be sent to the back-end LDAP server.

    $ dpconf set-server-prop -h host -p port ssl-client-cert-alias:cert-alias

    Where cert-alias is the name of the certificate. For a description of all command options, see the dpconf(1M) man page.

  2. Copy the contents of the certificate to a file.

    $ dpadm show-cert -F ascii -o filename instance-path cert-alias

  3. Add the certificate to the certificate database for the back-end LDAP server as described in To Add the CA-Signed Server Certificate and the Trusted CA Certificate.
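
Before the file from step 2 is handed over for import in step 3, it is worth confirming that it holds exactly one certificate and no private key, and recording a fingerprint that both sides can compare. The following script is an added example, not part of the original guide or of the product. It assumes that the `-F ascii` output is PEM-armored; `check_cert_export` and `make_constructed_sample` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the Sun guide). Assumes the file written by
# `dpadm show-cert -F ascii -o filename ...` is PEM-armored.

# check_cert_export FILE  (hypothetical helper name)
# Prints the SHA-256 fingerprint (hex) of the DER bytes of the one
# certificate in FILE.
# Returns: 1 unreadable file, 2 private-key material present,
#          3 not exactly one certificate block, 4 body is not valid base64.
check_cert_export() {
    cce_file=$1
    [ -r "$cce_file" ] || return 1
    # The file given to the back-end administrator must hold the public
    # certificate only; refuse anything carrying a private key block.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$cce_file"; then
        return 2
    fi
    # grep -c exits 1 on a zero count, so neutralize that for `set -e` callers.
    cce_begin=$(grep -c -- '^-----BEGIN CERTIFICATE-----' "$cce_file" || true)
    cce_end=$(grep -c -- '^-----END CERTIFICATE-----' "$cce_file" || true)
    [ "$cce_begin" -eq 1 ] && [ "$cce_end" -eq 1 ] || return 3
    # Strip the armor lines and whitespace, leaving the base64 body.
    cce_body=$(sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$cce_file" \
        | grep -v -- '^-----' | tr -d ' \r\n')
    [ -n "$cce_body" ] || return 4
    printf '%s' "$cce_body" | base64 -d >/dev/null 2>&1 || return 4
    # Fingerprint the decoded DER so both sides can compare one value.
    printf '%s' "$cce_body" | base64 -d | sha256sum | cut -d' ' -f1
}

# make_constructed_sample FILE
# Writes a constructed stand-in: PEM armor around placeholder bytes,
# NOT a real X.509 certificate. Enough to exercise the checks offline.
make_constructed_sample() {
    {
        printf '%s\n' '-----BEGIN CERTIFICATE-----'
        printf 'constructed-not-a-real-certificate' | base64
        printf '%s\n' '-----END CERTIFICATE-----'
    } > "$1"
}
```

Run `check_cert_export filename` on the exported file and pass the printed fingerprint along with the file, so that the certificate added to the back-end certificate database can be confirmed as the one Directory Proxy Server will present.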

Next Steps

Configure the back-end LDAP server for client authentication. For information about how to do this for Directory Server, see Configuring Credential Levels and Authentication Methods.

See Also

For information about configuring certificate-based authentication between clients and Directory Proxy Server, see To Configure Certificate-based Authentication.