Google Postini Directory Sync Configuration Guide User Manual
Page 59
Sun ONE Directory Server
59
The first time you configure SSL on your server, you must set the password for
your security device. Be sure to keep this password, as you will need it later. If you
are not using an external hardware security device, the internal security device is
a certificate and key database stored in the following files:
ServerRoot/alias/slapd-serverID-cert7.db
ServerRoot/alias/slapd-serverID-key3.db
ServerRoot is the root directory of your directory server. ServerID is the ID
number of your server.
Create a certificate database
If you do not already have a certificate request set up, you will need to create one.
The directory server will create the certificate database files automatically the first
time you invoke the certificate manager dialog. You can also create the certificate
database manually. This step uses the command-line interface.
1. On the server host machine, create a certificate database with the following
command:
certutil -N -d ServerRoot/alias -P slapd-LCserverID-
LCserverID is your server name in all lower-case letters. ServerRoot is your
server root.
2. The tool will prompt you for a password to protect the keys of the certificates.
Keep track of this password. You will use it in later steps.
Generate a certificate request
Generate a PKCS #10 certificate request in PEM format. PEM is the Privacy
Enhanced Mail format used to represent a base64-encoded certificate request in
US-ASCII characters.
1. Log into the directory server console. Start the console from the directory
where your Sun ONE Directory Server is installed. You will need root
privileges.
# ./startconsole &
2. On the top-level Tasks tab of the Directory Server console, click Manage
Certificates.
The Manage Certificates dialog is displayed.
3. Go to the Server Certs tab. Click Request.
The Certificate Request Wizard is displayed.
4. Click Next to continue.
5. Enter the following Requestor Information in the blank text fields: