[OPENDJ-5235] Allow external certificates to be used for replication during setup Created: 02/Jul/18  Updated: 28/May/20  Resolved: 28/May/20

Status: Done
Project: OpenDJ
Component/s: config, security, setup
Affects Version/s: 7.0.0
Fix Version/s: 7.0.0

Type: Improvement Priority: Major
Reporter: Lee Trujillo Assignee: Ludovic Poitou
Resolution: Duplicate Votes: 0
Labels: None

Issue Links:
Duplicate
Story Points: 0.5
Dev Assignee: Ludovic Poitou
Support Ticket IDs:

 Description   

Currently, theĀ setup tool allows the use of external stores for SSL/TLS communications with the following parameters.

-N, --certNickname {nickname}
Nickname of a keystore entry containing a certificate that the server
should use when negotiating secure connections using StartTLS or SSL.
Multiple keystore entries may be provided by using this option multiple
times

-W, --keyStorePassword {keyStorePassword}
Keystore cleartext password. The keystore password is required when you
specify an existing file-based keystore (JKS, JCEKS, PKCS#12)
-u, --keyStorePasswordFile {keyStorePasswordFile}
Path to a file containing the keystore password. The keystore password is
required when you specify an existing file-based keystore (JKS, JCEKS,
PKCS#12)

--useJavaKeyStore {keyStorePath}
Path of a JKS keystore containing the certificate(s) that the server should
use when negotiating secure connections using StartTLS or SSL
--useJceKeyStore {keyStorePath}
Path of a JCEKS keystore containing the certificate(s) that the server
should use when negotiating secure connections using StartTLS or SSL
--usePkcs11KeyStore
Use certificate(s) in a PKCS#11 token that the server should use when
accepting SSL-based connections or performing StartTLS negotiation
--usePkcs12KeyStore {keyStorePath}
Path of a PKCS#12 keystore containing the certificate(s) that the server
should use when negotiating secure connections using StartTLS or SSL

DS should also allow the use of external certs "at setup time" for replication as opposed to the long manualĀ process to import external certificates.



 Comments   
Comment by Ludovic Poitou [ 28/May/20 ]

Addressed in 7.0.

Generated at Sun Sep 27 19:55:10 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.