
Client SSL configuration of IBM® Security Verify Directory Integrator components

You need to define a truststore to enable SSL support for IBM® Security Verify Directory Integrator as a client. The steps provided here will help you perform this task.

About this task

When an IBM® Security Verify Directory Integrator component is used as a client (for example, the LDAP Connector), SSL requires that a truststore be defined for IBM® Security Verify Directory Integrator to use. For information on keystores and truststores, see the documentation at http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html

The following steps are required to enable SSL support for IBM® Security Verify Directory Integrator as a client:

  1. Configure a server (such as IBM® Security Verify Directory Integrator) to enable SSL.

  2. If the certificate in the server is a self-signed certificate, export the certificate.

  3. If you don't have a Java (jks) keystore file already, create a keystore file using keytool (found in root_directory/jvm/jre/bin, or root_directory/jvm/bin, depending on your platform) for IBM® Security Verify Directory Integrator.

  4. If the server certificate is a self-signed certificate, import the server certificate to the IBM® Security Verify Directory Integrator keystore file as a root authority certificate using keytool.

  5. Edit the root_directory/etc/global.properties file to set the keystore file location, keystore file password, and keystore file type.

    Note: These four lines (comments starting with #) are no longer needed for client and server authentication to the IBM® Security Verify Directory Integrator server. Stores that belong to IBM® Security Verify Directory Integrator are set up to be used by default. This is part of enabling Remote Method Invocation (RMI) by default.

    # Keystore file information for the server TDI authentication. 
    # It is used to provide the public key of the TDI to the SSL enabled client.
    # javax.net.ssl.keyStore=D:\test\clientStore.jks
    # javax.net.ssl.keyStorePassword=secret
    # javax.net.ssl.keyStoreType=jks
    
  6. Enable SSL for the Connectors.

  7. Restart IBM® Security Verify Directory Integrator.
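
Steps 2 to 5 for a self-signed server certificate, as an added example that is not part of the IBM documentation. The aliases, file names, the password `changeit` and the host name `ldap.example.test` are constructed placeholders, and the `javax.net.ssl.trustStore*` names are the standard JSSE truststore properties, assumed here because the page shows only the `keyStore` lines.

```shell
#!/bin/sh
# Added example, not IBM's own script. Aliases, file names and the
# password "changeit" are constructed placeholders.

# Step 2: export the server's self-signed certificate in PEM form.
export_server_cert() {   # <server.jks> <alias> <storepass> <out.cer>
    keytool -exportcert -rfc -alias "$2" -keystore "$1" -storepass "$3" -file "$4"
}

# Steps 3-4: import it as a trusted root; keytool creates the client
# keystore file if it does not exist yet.
import_trusted_root() {  # <client.jks> <alias> <storepass> <in.cer>
    keytool -importcert -noprompt -trustcacerts -alias "$2" \
        -keystore "$1" -storetype JKS -storepass "$3" -file "$4"
}

# Check: the alias must be listed as trustedCertEntry (a certificate only,
# no private key).
is_trusted_entry() {     # <client.jks> <alias> <storepass>
    keytool -list -alias "$2" -keystore "$1" -storepass "$3" 2>/dev/null |
        grep -q trustedCertEntry
}

# Step 5: truststore lines for etc/global.properties (standard JSSE
# property names; assumed here, the page shows only the keyStore ones).
truststore_properties() {  # <client.jks path> <storepass>
    printf 'javax.net.ssl.trustStore=%s\n' "$1"
    printf 'javax.net.ssl.trustStorePassword=%s\n' "$2"
    printf 'javax.net.ssl.trustStoreType=jks\n'
}

# Round trip against a throwaway, constructed server keystore.
demo() {
    d=$(mktemp -d) || return 1
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 30 \
        -dname 'CN=ldap.example.test' -keystore "$d/server.jks" -storetype JKS \
        -storepass changeit -keypass changeit >/dev/null 2>&1 &&
    export_server_cert "$d/server.jks" server changeit "$d/server.cer" >/dev/null 2>&1 &&
    import_trusted_root "$d/clientStore.jks" ldapserver changeit "$d/server.cer" >/dev/null 2>&1 &&
    is_trusted_entry "$d/clientStore.jks" ldapserver changeit
    rc=$?
    rm -rf "$d"
    return "$rc"
}

if command -v keytool >/dev/null 2>&1; then
    if demo; then echo "server certificate is a trusted root in clientStore.jks"; fi
fi
```

Against a real server, call only `export_server_cert` and `import_trusted_root` with your own keystores, confirm the result with `is_trusted_entry`, and copy the output of `truststore_properties` into global.properties.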

Note:

IBM® Security Verify Directory Integrator truststore and keystore do not play any part in SSL configuration for the Domino® Change Detection connector. See section Lotus Domino SSL specifics for more information.