Stop Directory Proxy Server.
$ dpadm stop /local/dps
Turn off the certificate database password storage.
$ dpadm set-flags /local/dps cert-pwd-prompt=on
Choose the certificate database password:
Confirm the certificate database password:
Set the PIN used to access the cryptographic framework by typing the pktool setpin command.
Use the same password that you typed when turning off the certificate database password storage.
Generate a key pair by using the cryptographic framework as the key store.
$ keytool -genkeypair -alias defaultDPScert -dname "ou=dps server,dc=example,dc=com" -keyalg RSA -sigalg MD5withRSA -validity 3652 -storetype PKCS11 -keystore NONE -storepass pin-password
pin-password is the password that you set as the PIN with the pktool setpin command.
Edit the Directory Proxy Server configuration file, adding the following attributes to the base entry, cn=config.
serverCertificateNickName: defaultDPScert
certificateKeyStore: NONE
certificateKeyStoreType: PKCS11
Start Directory Proxy Server.
$ dpadm start /local/dps
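A check to run after the procedure, added here as an example and not part of the original documentation: it confirms that the cn=config entry carries the three attributes with the values shown above, and flags a certificate whose signature algorithm is MD5- or SHA-1-based in keytool -list -v output. The function names and the sample entry are constructed for illustration; the configuration file is read from standard input because its path is not given on this page.

```shell
# Constructed sample of the cn=config base entry after the edit (not a real file).
sample_conf() {
cat <<'EOF'
dn: cn=config
serverCertificateNickName: defaultDPScert
certificateKeyStore: NONE
certificateKeyStoreType: PKCS11

dn: cn=other,cn=config
certificateKeyStoreType: JKS
EOF
}

# check_dps_pkcs11 ALIAS < ldif   (hypothetical helper)
# Exit 0 only if the cn=config entry holds all three attributes with the
# values from the procedure; each problem found is printed to stdout.
# Attribute names are compared case-insensitively; folded lines are not handled.
check_dps_pkcs11() {
  awk -v alias="$1" '
    BEGIN { want["servercertificatenickname"] = alias
            want["certificatekeystore"] = "NONE"
            want["certificatekeystoretype"] = "PKCS11" }
    /^\r?$/ { in_cfg = 0; next }                        # blank line ends an entry
    tolower($0) ~ /^dn:[ ]*cn=config[ \r]*$/ { in_cfg = 1; next }
    in_cfg {
      i = index($0, ":"); if (i == 0) next
      k = tolower(substr($0, 1, i - 1))
      v = substr($0, i + 1); sub(/^[ ]+/, "", v); sub(/[ \r]+$/, "", v)
      if (k in want) got[k] = v
    }
    END {
      for (k in want) {
        if (!(k in got)) { print "missing: " k; bad = 1 }
        else if (got[k] != want[k]) { print "unexpected " k ": " got[k]; bad = 1 }
      }
      exit bad + 0
    }'
}

# weak_sigalg < output of "keytool -list -v"   (hypothetical helper)
# Exit 0 and print the matching line when the certificate signature uses MD2, MD5 or SHA-1.
weak_sigalg() {
  grep -Ei 'Signature algorithm name:[[:space:]]*(MD2|MD5|SHA1)with'
}

# Demo on the constructed sample.
sample_conf | check_dps_pkcs11 defaultDPScert && echo "cn=config matches the procedure"
```

Against a live instance, feed the configuration file to check_dps_pkcs11 and pipe keytool -list -v -storetype PKCS11 -keystore NONE into weak_sigalg.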