Client SSL configuration of IBM® Security Verify Directory Integrator components
You need to define a truststore to enable SSL support for IBM® Security Verify Directory Integrator as a client. The steps provided here will help you perform this task.
About this task
When an IBM® Security Verify Directory Integrator component is used as a client (for example, the LDAP Connector), SSL requires that a truststore be defined for IBM® Security Verify Directory Integrator to use. For information on keystores and truststores, see the documentation at http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html
The following steps are required to enable SSL support for IBM® Security Verify Directory Integrator as a client:
- Configure a server (such as IBM® Security Verify Directory Integrator) to enable SSL.
- If the certificate in the server is a self-signed certificate, export the certificate.
- If you don't have a Java (jks) keystore file already, create a keystore file using keytool (found in root_directory/jvm/jre/bin, or root_directory/jvm/bin, depending on your platform) for IBM® Security Verify Directory Integrator.
- If the server certificate is a self-signed certificate, import the server certificate to the IBM® Security Verify Directory Integrator keystore file as a root authority certificate using keytool.
- Edit root_directory/etc/global.properties file for the keystore file location, keystore file password and keystore file type.
  Note: These four lines (comments starting with #) are no longer needed for client and server authentication to the IBM® Security Verify Directory Integrator server. Stores that belong to IBM® Security Verify Directory Integrator are set up to be used by default. This is part of enabling Remote Method Invocation (RMI) by default.
    # Keystore file information for the server TDI authentication.
    # It is used to provide the public key of the TDI to the SSL enabled client.
    # javax.net.ssl.keyStore=D:\test\clientStore.jks
    # javax.net.ssl.keyStorePassword=secret
    # javax.net.ssl.keyStoreType=jks
- Enable SSL for the Connectors.
- Restart IBM® Security Verify Directory Integrator.
Note: IBM® Security Verify Directory Integrator truststore and keystore do not play any part in SSL configuration for the Domino® Change Detection connector. See section Lotus Domino SSL specifics for more information.
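The client-side steps above (export the self-signed certificate, create the store, import the certificate, set the store properties) as one script; this is an added example, not IBM's own tooling. Store paths, aliases, the password and the stand-in server keystore are constructed sample values, and the javax.net.ssl.trustStore* names are the standard JSSE client-trust properties, used here as an assumption because the page itself only shows the keyStore equivalents.

```shell
#!/bin/sh
# Added example: constructed store names, aliases and passwords throughout.
set -eu

# Pull the SHA-256 fingerprint out of keytool's verbose output (stdin).
sha256_of() { sed -n 's/^[[:space:]]*SHA256: *//p'; }

# Step 2: export the server's self-signed certificate (PEM).
export_server_cert() {   # <server_store> <storepass> <alias> <out_file>
    keytool -exportcert -rfc -alias "$3" -keystore "$1" -storepass "$2" -file "$4"
}

# Steps 3-4: create the client store if it does not exist and add the
# certificate as a trusted entry. -noprompt skips keytool's "Trust this
# certificate?" question, so compare the fingerprint with the value given
# by the server's operator before calling this.
import_as_trusted() {    # <client_store> <storepass> <alias> <cert_file>
    keytool -importcert -noprompt -alias "$3" -file "$4" \
        -keystore "$1" -storetype JKS -storepass "$2"
    chmod 600 "$1"       # the store decides which servers are trusted
}

# Step 5: lines for root_directory/etc/global.properties. The trustStore names
# are the standard JSSE properties (assumption: the page shows keyStore ones).
client_ssl_properties() {  # <client_store> <storepass>
    printf 'javax.net.ssl.trustStore=%s\n' "$1"
    printf 'javax.net.ssl.trustStorePassword=%s\n' "$2"
    printf 'javax.net.ssl.trustStoreType=jks\n'
}

# End-to-end run against a throwaway stand-in "server" keystore.
run_demo() {               # <work_dir>
    pw='sample-Passw0rd'   # constructed sample value
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 30 \
        -dname 'CN=ldap.example.test' -keystore "$1/server.jks" \
        -storetype JKS -storepass "$pw" -keypass "$pw" >/dev/null 2>&1
    export_server_cert "$1/server.jks" "$pw" server "$1/server.cer" >/dev/null 2>&1
    want=$(keytool -printcert -file "$1/server.cer" | sha256_of)
    import_as_trusted "$1/clientStore.jks" "$pw" ldap-server "$1/server.cer" >/dev/null 2>&1
    got=$(keytool -list -v -alias ldap-server -keystore "$1/clientStore.jks" \
        -storepass "$pw" 2>/dev/null | sha256_of)
    # The imported entry must carry the same fingerprint as the exported file.
    [ -n "$want" ] && [ "$want" = "$got" ] || return 1
    client_ssl_properties "$1/clientStore.jks" "$pw"
}

if [ "${1:-}" = demo ]; then d=$(mktemp -d); run_demo "$d"; rm -rf "$d"; fi
```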