When you create a Directory Server instance, a default self-signed certificate is automatically provided.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
To create a self-signed certificate with non-default settings, use this command:
$ dsadm add-selfsign-cert instance-path cert-alias |
Where cert-alias is a name that you provide to identify your certificate.
To see all the options for this command, see the dsadm(1M) man page or the command-line help:.
$ dsadm add-selfsign-cert --help |
When your self-signed certificate expires, stop the server instance and renew the certificate.
$ dsadm stop instance-path $ dsadm renew-selfsign-cert instance-path cert-alias |
Restart the server instance.
$ dsadm start instance-path |