ssl-keyfile
This stanza entry specifies the SSL key file name and location.
Syntax
ssl-keyfile = ldap-ssl-key-filename
Description
SSL key file name and location. Use the SSL key file to handle certificates that are used in LDAP communication. The file extension can be anything, but the extension is usually .kdb.
The certificate files in a directory need to be accessible to the server user (or all users). Make sure that the server user (for example, ivmgr) or all users have permission to access the .kdb file and the folder that contains the .kdb file.
Options
- ldap-ssl-key-filename
- A valid file name is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. For Windows operating systems, file names cannot have a backward slash (\), a colon (:), a question mark (?), or double quotation marks. Windows operating systems path names, however, can have a backward slash (\) or a colon (:). For AIX, Linux, and Solaris operating systems, path names and file names are case-sensitive.
Usage
Conditional. This stanza entry is required only when the LDAP server is configured to do client authentication (ssl-enabled = yes).
Default value
The following table shows the default value by platform.
| Platform | File name |
|---|---|
| Linux® or UNIX | /opt/PolicyDirector/keytab/server_name.kdb |
| Windows | c:\program files\tivoli\policy director\keytab\server_name.kdb |
Example
The following example sets the SSL key file for a UNIX policy server:
ssl-keyfile = /ldap52kdb/a17jsun.kdb
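The Description and Usage rules above can be checked before the server is started. The following is an added example, not part of the product or its documentation: it reads ssl-enabled and ssl-keyfile from stanza-file text and verifies that a given user can read the .kdb file and enter its folder. The stanza name `ldap`, the function names, and the reliance on UNIX mode bits only (no ACLs) are assumptions of this example.

```python
import os
import stat

def read_stanza(text, stanza):
    """Return the key = value entries of one [stanza] from stanza-file text."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == stanza and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries

def allowed(st, uid, gids, want):
    """Apply owner/group/other permission classes for uid; want is r=4, w=2, x=1."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def check_keyfile(conf_text, uid, gids, stanza="ldap"):  # stanza name is assumed
    """Return a list of findings; an empty list means the entry passes."""
    entries = read_stanza(conf_text, stanza)
    if entries.get("ssl-enabled", "no").lower() != "yes":
        return []                      # entry is conditional on ssl-enabled = yes
    path = entries.get("ssl-keyfile")
    if not path:
        return ["ssl-enabled = yes but ssl-keyfile is not set"]
    if not os.path.isfile(path):
        return [f"{path}: key file not found"]
    findings = []
    folder = os.path.dirname(os.path.abspath(path))
    if not allowed(os.stat(folder), uid, gids, 1):
        findings.append(f"{folder}: server user cannot enter the folder")
    st = os.stat(path)
    if not allowed(st, uid, gids, 4):
        findings.append(f"{path}: server user cannot read the key file")
    if st.st_mode & stat.S_IWOTH:
        findings.append(f"{path}: key file is writable by all users")
    return findings
```

Pass the server user's numeric uid and group ids (for example, from `pwd.getpwnam("ivmgr")` and `os.getgrouplist`) together with the contents of the configuration file.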