Oracle Directory Server Enterprise Edition Installation Guide 11g Release 1 (11.1.1.5.0)
Using Directory Server With Cryptographic Hardware on a Solaris 10 System
Set the PIN as the same user as the one running Directory Server.
The following command shows how to perform this step if the Directory Server instance is located under /local/ds/.
$ dsadm export-cert -o cert-file /local/ds defaultCert
Typically, the token is Sun Metaslot.
$ dsconf set-server-prop 'ssl-rsa-security-device:Sun Metaslot'
$ dsadm stop /local/ds
$ rm -f /local/ds/alias/*.db
This optional step ensures that no certificates are stored in the software database.
If you have not removed the certificate database, you do not need to run the modutil -create line in this example.
$ /usr/sfw/bin/64/modutil -create -dbdir /local/ds/alias -dbprefix slapd-
$ /usr/sfw/bin/64/modutil -add "Solaris Kernel Crypto Driver" -libfile \
  /usr/lib/64/libpkcs11.so -dbdir /local/ds/alias -dbprefix slapd-
$ /usr/sfw/bin/64/modutil -enable "Solaris Kernel Crypto Driver" \
  -dbdir /local/ds/alias -dbprefix slapd-
$ /usr/sfw/bin/64/pk12util -i cert-file \
  -d /local/ds/alias -P slapd- -h "Sun Metaslot"
$ /usr/sfw/bin/64/certutil -M -n "Sun Metaslot:defaultCert" -t CTu \
  -d /local/ds/alias -P slapd-
If your accelerator board has a FIPS 140-2 keystore, for added security, make sure that the private key is stored on the device. Sun Crypto Accelerator 4000 and 6000 boards have FIPS 140-2 keystores, for example. The exact process depends on the board.
Note - Make sure that the cryptographic hardware supports the cipher suites that you want to use. Not all hardware supports all the cipher suites. As a workaround, you can use dsconf ssl-cipher-family to set specific suites.
This file is required only when the password is changed in step 1.
$ echo "Sun Metaslot:password" > /local/ds/alias/slapd-pin.txt
If the password has been changed in step 1, password is the new password, otherwise it is the one currently in use.
$ dsadm start /local/ds
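The pin file created in the procedure above holds the token password in cleartext, so its permissions matter. The following is an added example, not part of the Oracle guide: two hypothetical shell helpers (`write_pin_file`, `check_pin_file`) that create `slapd-pin.txt` in the `Token:password` format shown above with owner-only access, and verify that format and mode afterwards.

```shell
# Added example: helper names are hypothetical, not part of DSEE or NSS.
# Usage, as the user that runs Directory Server (password typed on stdin):
#   write_pin_file /local/ds/alias "Sun Metaslot"

# Write "TOKEN:password" to ALIAS_DIR/slapd-pin.txt, owner-readable only.
# The password is read from stdin, so it stays out of argv and shell history.
write_pin_file() {
    alias_dir=$1
    token=$2
    pin_file=$alias_dir/slapd-pin.txt
    [ -d "$alias_dir" ] || { echo "no such directory: $alias_dir" >&2; return 1; }
    IFS= read -r password || :
    [ -n "$password" ] || { echo "empty password" >&2; return 1; }
    (
        umask 077                  # create the file without group/other bits
        rm -f "$pin_file"
        printf '%s:%s\n' "$token" "$password" > "$pin_file"
    ) || return 1
    chmod 400 "$pin_file"
}

# Succeed only if the pin file is a single "TOKEN:<non-empty>" line and
# grants no access to group or other.
check_pin_file() {
    pin_file=$1/slapd-pin.txt
    token=$2
    [ -f "$pin_file" ] || { echo "missing: $pin_file" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$pin_file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access: $perms" >&2; return 1; }
    [ "$(wc -l < "$pin_file" | tr -d ' ')" = "1" ] ||
        { echo "expected exactly one line" >&2; return 1; }
    case $(cat "$pin_file") in
        "$token":?*) return 0 ;;
        *) echo "expected '$token:<password>'" >&2; return 1 ;;
    esac
}
```

Run `check_pin_file /local/ds/alias "Sun Metaslot"` before `dsadm start` to catch a pin file left world-readable or written for the wrong token.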