The blind trust manager provider is a simple provider that trusts any certificate that is presented to it. It does not look at the expiration date, who signed the certificate, the subject or alternate names, or any other criteria.
The directory server provides a blind trust manager provider that is disabled by default. You can enable the provider by changing the value of the enabled attribute to true. The blind trust manager provider does not require any other configuration attributes. The following example uses dsconfig to configure the blind trust manager provider:
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -X \
  set-trust-manager-provider-prop --provider-name "Blind Trust" --advanced
For a list of the configurable properties, see “Blind Trust Manager Provider Configuration” in the Sun OpenDS Standard Edition 2.0 Configuration Reference.
Caution - The blind trust manager provider is provided as a convenience for testing purposes only and should never be used in a production server, especially one that is configured to allow SASL EXTERNAL authentication. If a client attempts to use SASL EXTERNAL to authenticate to the directory server using a certificate and the server blindly accepts any certificate that the client presents, the user can create a self-signed certificate and use it to impersonate any user in the directory.
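To check a server for the combination that the caution describes, the following audit script (an added example, not part of the OpenDS documentation or code) parses a config.ldif and reports whether an enabled blind trust manager provider is referenced by an enabled connection handler while SASL EXTERNAL is also enabled. The attribute names ds-cfg-enabled, ds-cfg-java-class and ds-cfg-trust-manager-provider, the provider class name, and the EXTERNAL handler DN are assumptions about the server's configuration schema, and the sample LDIF is constructed.

```python
import re

# Assumed class name of the blind trust manager provider (lowercased for comparison).
BLIND_CLASS = "org.opends.server.extensions.blindtrustmanagerprovider"
# Constructed sample, not taken from a real server. Note the folded line.
SAMPLE_LDIF = """\
dn: cn=Blind Trust,cn=Trust Manager Providers,cn=config
ds-cfg-java-class: org.opends.server.extensions.BlindTrustManagerProvider
ds-cfg-enabled: true

dn: cn=LDAPS Connection Handler,cn=Connection Handlers,cn=config
ds-cfg-enabled: true
ds-cfg-trust-manager-provider: cn=Blind Trust,cn=Trust Manager Providers,
 cn=config

dn: cn=EXTERNAL,cn=SASL Mechanisms,cn=config
ds-cfg-enabled: true
"""

def parse_ldif(text):
    """Return entries as {lowercased attribute: [values]}; base64 values are not decoded."""
    text = re.sub(r"\r?\n ", "", text)  # unfold LDIF continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def norm_dn(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def enabled(entry):
    return entry.get("ds-cfg-enabled", ["false"])[0].lower() == "true"

def audit(text):
    entries = [e for e in parse_ldif(text) if "dn" in e and enabled(e)]
    blind = {norm_dn(e["dn"][0]) for e in entries
             if BLIND_CLASS in (v.lower() for v in e.get("ds-cfg-java-class", []))}
    used_by = [e["dn"][0] for e in entries
               if any(norm_dn(v) in blind for v in e.get("ds-cfg-trust-manager-provider", []))]
    external = any(norm_dn(e["dn"][0]).startswith("cn=external,cn=sasl mechanisms,")
                   for e in entries)
    # critical: any certificate is accepted AND certificates are used to authenticate
    return {"blind_enabled": sorted(blind), "used_by": used_by,
            "sasl_external": external, "critical": bool(used_by) and external}
```

A result with critical set to True means the server accepts any client certificate on at least one handler and also lets certificates establish identity, which is the impersonation condition described in the caution.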