This procedure is designed for use with Sun Crypto Accelerator hardware. Perform the following procedure as the same user who runs the Directory Proxy Server instance.
Stop Directory Proxy Server.
$ dpadm stop /local/dps
Turn off certificate database password storage.
$ dpadm set-flags /local/dps cert-pwd-prompt=on
Choose the certificate database password:
Confirm the certificate database password:
Set the PIN used to access the cryptographic framework with the pktool setpin command.
Use the same password that you entered when turning off certificate database password storage.
Generate a key pair, using the cryptographic framework as the key store.
$ keytool -genkeypair -alias defaultDPScert -dname "ou=dps server,dc=example,dc=com" -keyalg RSA -sigalg MD5withRSA -validity 3652 -storetype PKCS11 -keystore NONE -storepass pin-password
Here, pin-password is the password you set as the PIN with the pktool setpin command.
Edit the Directory Proxy Server configuration file, adding the following attributes to the base entry, cn=config.
serverCertificateNickName: defaultDPScert
certificateKeyStore: NONE
certificateKeyStoreType: PKCS11
Start Directory Proxy Server.
$ dpadm start /local/dps
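The procedure above as a scripted wrapper with verification, added here as an example rather than taken from the product documentation: it confirms the key pair actually landed in the PKCS#11 store and that cn=config carries the three attributes before the server is restarted. The instance path /local/dps, the configuration file location config/conf.ldif, the PKCS11_PIN variable and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the product documentation.
set -u

DPS_PATH="${DPS_PATH:-/local/dps}"                 # assumed instance path
DPS_CONF="${DPS_CONF:-$DPS_PATH/config/conf.ldif}" # assumed config file location
NICK="${NICK:-defaultDPScert}"
DNAME="${DNAME:-ou=dps server,dc=example,dc=com}"
# The page uses MD5withRSA. MD5 signatures are disabled in current JDKs, so a
# practitioner would normally run this with SIGALG=SHA256withRSA instead.
SIGALG="${SIGALG:-MD5withRSA}"

# Return 0 when the cn=config entry of the LDIF file in $1 carries the three
# attributes the procedure adds, with certificate nickname $2; 1 otherwise.
check_dps_pkcs11_config() {
    # Pull out the cn=config entry: from its dn line to the next blank line.
    entry=$(awk '/^dn: *cn=config *$/ {p=1} p && /^$/ {exit} p {print}' "$1")
    printf '%s\n' "$entry" | grep -q "^serverCertificateNickName: *$2\$"  || return 1
    printf '%s\n' "$entry" | grep -q '^certificateKeyStore: *NONE$'       || return 1
    printf '%s\n' "$entry" | grep -q '^certificateKeyStoreType: *PKCS11$' || return 1
    return 0
}

# Run the procedure. The PIN set with pktool setpin is taken from PKCS11_PIN;
# omit -storepass if you prefer keytool to prompt for it instead of having it
# appear on the command line.
enable_pkcs11_keystore() {
    [ -n "${PKCS11_PIN:-}" ] || { echo "set PKCS11_PIN first" >&2; return 1; }
    dpadm stop "$DPS_PATH" || return 1
    dpadm set-flags "$DPS_PATH" cert-pwd-prompt=on || return 1
    keytool -genkeypair -alias "$NICK" -dname "$DNAME" -keyalg RSA \
        -sigalg "$SIGALG" -validity 3652 -storetype PKCS11 -keystore NONE \
        -storepass "$PKCS11_PIN" || return 1
    # Confirm the key pair is really in the cryptographic framework
    # (keytool prints aliases in lower case, hence -i).
    keytool -list -storetype PKCS11 -keystore NONE -storepass "$PKCS11_PIN" \
        | grep -qi "^$NICK," \
        || { echo "key $NICK not found in the PKCS11 store" >&2; return 1; }
    check_dps_pkcs11_config "$DPS_CONF" "$NICK" \
        || { echo "cn=config lacks the keystore attributes" >&2; return 1; }
    dpadm start "$DPS_PATH"
}
```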