Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide

ProcedureTo Install a CA-Signed Server Certificate for Directory Proxy Server

To trust the CA-signed server certificate, you must install the certificate on a Directory Proxy Server instance. This procedure installs the public key of a CA certificate to the certificate database on Directory Proxy Server.

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. See if the trusted CA certificate for this CA is already installed.

    To do this, list all installed CA certificates, as described in To List CA Certificates.

  2. If the trusted CA certificate is not installed, add it to the certificate database on the Directory Proxy Server instance.


    $ dpadm add-cert instance-path cert-alias cert-file
    

    where cert-alias is the name of the trusted CA certificate and cert-file is the name of the file containing the trusted CA certificate.

  3. Install the CA-signed server certificate to the certificate database.


    $ dpadm add-cert instance-path cert-alias cert-file
    

    Where cert-alias is the name of the CA-signed server certificate and cert-file is the name of the file containing the CA-signed server certificate. Note that this cert-alias must be the same as the cert-alias used in the certificate request

    For example, you can add a CA-signed server certificate named CA-cert to the certificate database on/local/dps as follows:


    $ dpadm add-cert /local/dps CA-cert /local/safeplace/ca-cert-file.ascii