GitHubContribute in GitHub: Open doc issue|Edit online

Server Security Modes

You can run the IBM® Security Verify Directory Integrator Server in two modes: standard and secure. Learn more about these through the information provided here.

.

Standard mode
When run in standard mode, the Server does not PKI encrypt configurations saved on disk, unless a specific Server API call that requests PKI encryption is invoked. When in this mode the Server is able to read both encrypted and unencrypted configurations.

Secure mode
When run in secure mode the Server encrypts all configurations it saves on the disk using PKI encryption. In secure mode the Server can only read and load encrypted configurations. When the system property com.ibm.di.server.securemode is set to "true", the Server runs in secure mode. (A system property for the use of the IBM® Security Verify Directory Integrator Server can be set by adding it in the *global.properties or solution.properties file or directly specify it on the java command line when starting the IBM® Security Verify Directory Integrator server: -Dcom.ibm.di.server.securemode=true) *

If the command line option -e is specified on the java command line when starting the Server, it runs in secure mode regardless of the value of the com.ibm.di.server.securemode system property.

Note: Pre-

IBM® Security Verify Directory Integrator 6.0 password-based encryption of configuration files is supported for compatibility with earlier versions. Password-based encryption is used when the user specifies a password when creating the configuration. Pre-IBM® Security Verify Directory Integrator 6.0 password-based configuration encryption cannot be combined with PKI encryption. If you specify a password when the Server is run in secure mode, an error message is displayed.