Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-5235

Allow external certificates to be used for replication during setup

    Details

    • Type: Improvement
    • Status: Done
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: config, security, setup
    • Labels:
      None
    • Story Points:
      0.5
    • Support Ticket IDs:

      Description

      Currently, theĀ setup tool allows the use of external stores for SSL/TLS communications with the following parameters.

      -N, --certNickname {nickname}
      Nickname of a keystore entry containing a certificate that the server
      should use when negotiating secure connections using StartTLS or SSL.
      Multiple keystore entries may be provided by using this option multiple
      times
      
      -W, --keyStorePassword {keyStorePassword}
      Keystore cleartext password. The keystore password is required when you
      specify an existing file-based keystore (JKS, JCEKS, PKCS#12)
      -u, --keyStorePasswordFile {keyStorePasswordFile}
      Path to a file containing the keystore password. The keystore password is
      required when you specify an existing file-based keystore (JKS, JCEKS,
      PKCS#12)
      
      --useJavaKeyStore {keyStorePath}
      Path of a JKS keystore containing the certificate(s) that the server should
      use when negotiating secure connections using StartTLS or SSL
      --useJceKeyStore {keyStorePath}
      Path of a JCEKS keystore containing the certificate(s) that the server
      should use when negotiating secure connections using StartTLS or SSL
      --usePkcs11KeyStore
      Use certificate(s) in a PKCS#11 token that the server should use when
      accepting SSL-based connections or performing StartTLS negotiation
      --usePkcs12KeyStore {keyStorePath}
      Path of a PKCS#12 keystore containing the certificate(s) that the server
      should use when negotiating secure connections using StartTLS or SSL
      

      DS should also allow the use of external certs "at setup time" for replication as opposed to the long manualĀ process to import external certificates.

        Attachments

          Activity

            People

            • Assignee:
              ludo Ludovic Poitou
              Reporter:
              lee.trujillo Lee Trujillo
              Dev Assignee:
              Ludovic Poitou
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: