Sun Java System Directory Server Enterprise Edition 6.1 Installation Guide

Procedure: To Use Directory Proxy Server With Cryptographic Hardware on a Solaris 10 System

Before You Begin

This procedure is designed for use with Sun Crypto Accelerator hardware accessed through the Solaris Cryptographic Framework (PKCS#11). Perform the following procedure as the same user who runs the Directory Proxy Server instance: the framework's token PIN and the keys stored behind it belong to that user, so a key pair generated as a different user is not visible to the server.

  1. Stop Directory Proxy Server.


    $ dpadm stop /local/dps
  2. Turn off certificate database password storage. With cert-pwd-prompt=on the password is no longer kept on disk; it is requested when the server starts.


    $ dpadm set-flags /local/dps cert-pwd-prompt=on
    Choose the certificate database password:
    Confirm the certificate database password:
  3. Set the PIN used to access the cryptographic framework with the pktool setpin command. The command prompts for the current PIN and then for the new one.

    Use the same password that you entered when turning off certificate database password storage in the previous step. Directory Proxy Server presents the certificate database password to the framework as the token PIN, so the two must match.

  4. Generate a key pair, using the cryptographic framework as the key store.


    $ keytool -genkeypair -alias defaultDPScert \
     -dname "ou=dps server,dc=example,dc=com" -keyalg RSA -keysize 2048 \
     -sigalg SHA256withRSA -validity 3652 -storetype PKCS11 -keystore NONE
    Enter keystore password:

    When prompted for the keystore password, enter the PIN you set with the pktool setpin command. The original release of this guide passed the PIN on the command line with -storepass pin-password; omit that option, because a password given on the command line is visible to other users in the process list and is recorded in the shell history.

    The original command also used -sigalg MD5withRSA. MD5 signatures are no longer accepted by most clients, so use SHA256withRSA, which requires a Java runtime and PKCS#11 provider that support SHA-256. If yours does not, fall back to SHA1withRSA rather than MD5withRSA. Likewise, specify -keysize 2048 explicitly; older keytool releases default to 1024-bit RSA keys.

  5. Edit the Directory Proxy Server configuration file, adding the following attributes to the base entry, cn=config.

    serverCertificateNickName: defaultDPScert
    certificateKeyStore: NONE
    certificateKeyStoreType: PKCS11
  6. Start Directory Proxy Server. Because password storage was turned off in step 2, dpadm start prompts for the certificate database password; enter the PIN.


    $ dpadm start /local/dps
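Before starting the server, it is worth checking that the configuration edit in step 5 actually landed in cn=config with the values the server expects, and that the key pair from step 4 is visible in the PKCS#11 store. The following script is an added example and is not part of the original guide or of the DSEE product; the function names, the sample configuration text and the assumption that the configuration file is LDIF with a `dn: cn=config` entry are mine for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): sanity checks for a Directory
# Proxy Server instance configured to use a PKCS#11 key store.

# check_dps_hw_config CONFIG_FILE NICKNAME
# Returns 0 when the cn=config entry of CONFIG_FILE carries the three
# attributes from step 5 with the expected values, 1 otherwise.
# Assumption: the configuration file is LDIF and the base entry is
# introduced by a "dn: cn=config" line and terminated by a blank line.
check_dps_hw_config() {
    cfg=$1
    nick=$2
    # Keep only the cn=config entry: start printing at its dn line and stop
    # at the first blank line that follows it.
    entry=$(awk '/^dn: *cn=config$/ { p = 1 }
                 p && /^$/            { exit }
                 p                    { print }' "$cfg")
    [ -n "$entry" ] || return 1
    # LDIF attribute names are case-insensitive, hence grep -i.
    echo "$entry" | grep -qi "^serverCertificateNickName: *$nick\$" || return 1
    echo "$entry" | grep -qi "^certificateKeyStore: *NONE\$"        || return 1
    echo "$entry" | grep -qi "^certificateKeyStoreType: *PKCS11\$"  || return 1
    return 0
}

# list_hw_keys NICKNAME
# Lists the key pair behind NICKNAME in the PKCS#11 store. keytool prompts
# for the keystore password (the token PIN); it is deliberately not passed
# with -storepass so that it does not appear in the process list.
list_hw_keys() {
    keytool -list -v -storetype PKCS11 -keystore NONE -alias "$1"
}

# Constructed sample configuration files used to exercise the check.
SAMPLE_GOOD=$(mktemp) || exit 1
SAMPLE_BAD=$(mktemp)  || exit 1
trap 'rm -f "$SAMPLE_GOOD" "$SAMPLE_BAD"' EXIT

# Correct configuration: all three attributes present on cn=config.
cat > "$SAMPLE_GOOD" <<'EOF'
dn: cn=config
objectClass: top
cn: config
serverCertificateNickName: defaultDPScert
certificateKeyStore: NONE
certificateKeyStoreType: PKCS11

dn: cn=other,cn=config
cn: other
EOF

# Broken configuration: keystore type left at a file-based type, and the
# nickname attribute placed on a child entry instead of cn=config.
cat > "$SAMPLE_BAD" <<'EOF'
dn: cn=config
objectClass: top
cn: config
certificateKeyStore: NONE
certificateKeyStoreType: JKS

dn: cn=other,cn=config
cn: other
serverCertificateNickName: defaultDPScert
EOF

if check_dps_hw_config "$SAMPLE_GOOD" defaultDPScert; then
    echo "sample config OK: cn=config points at PKCS11 key defaultDPScert"
else
    echo "sample config rejected" >&2
fi

# Against a real instance, run the same check on its configuration file and
# then confirm the key exists in the hardware-backed store, for example:
#   check_dps_hw_config /local/dps/config/conf.ldif defaultDPScert && \
#       list_hw_keys defaultDPScert
# (The conf.ldif path is an assumption; use your instance's configuration file.)
```

The awk filter isolates the base entry so that a nickname attribute set on the wrong entry, as in the second sample, is reported as a failure rather than silently accepted. Running list_hw_keys as the instance owner also confirms that the key was generated under the same user's token, which is the reason the procedure insists on that user.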