IBM Security Directory Integrator, Version 7.2

Client SSL configuration of IBM Security Directory Integrator components

When an IBM® Security Directory Integrator component is used as a client (for example the LDAP Connector) SSL mandates that a truststore to be used by IBM Security Directory Integrator must be defined. For information on keystores and truststores, see the guide at

The following steps are required to enable SSL support for IBM Security Directory Integrator as a client:

  1. Configure a server (such as IBM Security Directory Server) to enable SSL.
  2. If the certificate in the server is a self-signed certificate, export the certificate.
  3. If you don't have a Java™ (jks) keystore file already, create a keystore file using keytool (found in root_directory/jvm/jre/bin, or root_directory/jvm/bin, depending on your platform) for IBM Security Directory Integrator.
  4. If the server certificate is a self-signed certificate, import the server certificate to the IBM Security Directory Integrator keystore file as a root authority certificate using keytool.
  5. Edit root_directory/etc/ file for the keystore file location, keystore file password and keystore file type.
    These four lines (comments starting with #) are no longer needed for client and server authentication to the IBM Security Directory Integrator server. Stores that belong to IBM Security Directory Integrator are set up to be used by default. This is part of enabling Remote Method Invocation (RMI) by default.
    # Keystore file information for the server TDI authentication. 
    # It is used to provide the public key of the TDI to the SSL enabled client.
  6. Enable SSL for the Connectors.
  7. Restart IBM Security Directory Integrator.

IBM Security Directory Integrator truststore and keystore do not play any part in SSL configuration for the Domino® Change Detection connector. See section Lotus Domino SSL specifics for more information.