test

Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide

ProcedureTo Add a Certificate From a Back-End Directory Server to the Certificate Database on Directory Proxy Server

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Display the certificate from the back-end Directory Server in PEM format by using this command syntax:


    dsadm show-cert -F ascii instance-path [cert-alias]

    If you do not specify a cert-alias, the default server certificate is displayed. For a description of all command options, see the dsadm(1M) man page.

    For example, show the default self-signed server certificate as follows:


    $ dsadm show-cert -F ascii /local/ds defaultCert
-----BEGIN CERTIFICATE-----
MIICJjCCAY+gAwIBAgIFAIKL36kwDQYJKoZIhvcNAQEEBQAwVzEZMBcGA1UEChMQ
U3VuIE1pY3Jvc3lzdGVtczEZMBcGA1UEAxMQRGlyZWN0b3J5IFNlcnZlcjENMAsG
A1UEAxMEMjAxMTEQMA4GA1UEAxMHY29uZHlsZTAeFw0wNjA1MjIxMTQxNTVaFw0w
NjA4MjIxMTQxNTVaMFcxGTAXBgNVBAoTEFN1biBNaWNyb3N5c3RlbXMxGTAXBgNV
BAMTEERpcmVjdG9yeSBTZXJ2ZXIxDTALBgNVBAMTBDIwMTExEDAOBgNVBAMTB2Nv
bmR5bGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK9U3ry3sJmEzwQY8CGd
7S2MTZuBedo03Vea1lfDtD08WIsdDMzhHplTdeHAkWWNc8g2PDcEFXeWp9UXFMuD
Pcia7t8HtFkm73VmlriWhMd8nn3l2vkxhsPK2LHFEeOIUDR9LBBiMiEeLkjdoEhE
VLMSoYKqKI+Aa5grINdmtFzBAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAF4eDbSd7
qy2l10dIogT+rnXZ362gLTlQFCblhbGpmmptbegUdL1ITGv/62q1isPV2rW7CkjM
Cqb0fo3k5UkKKvW+JbMowpQeAPnlgpX612HuDr1tldnKV4eyU7gpG31t/cpACALQ
7OPi1A7oVb2Z8OJKfEJHkp3txBSsiI2gTkk=
-----END CERTIFICATE-----

  2. Save the certificate.

    Save your certificate in a text file, and back up the certificate in a safe location.

  3. Add the certificate from the back-end LDAP server to the certificate database on an instance of Directory Proxy Server.


    $ dpadm add-cert instance-path cert-alias cert-file

    where cert-alias is the name of the certificate and cert-file is the name of the file containing the certificate.

    For example, you could add the certificate defaultCert as follows:


    $ dpadm add-cert /local/dps defaultCert /local/safeplace/defaultCert.ascii