To Install a CA-Signed Server Certificate for Directory Proxy Server
To trust the CA-signed server certificate, you must install the certificate on a Directory Proxy Server instance. This procedure installs the public key of a CA certificate to the certificate database on Directory Proxy Server.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
-
See if the trusted CA certificate for this CA is already installed.
To do this, list all installed CA certificates, as described in To List CA Certificates.
-
If the trusted CA certificate is not installed, add it to the certificate database on the Directory Proxy Server instance.
$ dpadm add-cert instance-path cert-alias cert-file
where cert-alias is the name of the trusted CA certificate and cert-file is the name of the file containing the trusted CA certificate.
-
Install the CA-signed server certificate to the certificate database.
$ dpadm add-cert instance-path cert-alias cert-file
Where cert-alias is the name of the CA-signed server certificate and cert-file is the name of the file containing the CA-signed server certificate. Note that this cert-alias must be the same as the cert-alias used in the certificate request
For example, you can add a CA-signed server certificate named CA-cert to the certificate database on/local/dps as follows:
$ dpadm add-cert /local/dps CA-cert /local/safeplace/ca-cert-file.ascii
- © 2010, Oracle Corporation and/or its affiliates