Configuring Tivoli Directory Integrator's LDAP Connector with SSL for Tivoli Directory Server.
Note: I am making use of the default certificates created with the installation of Tivoli Directory Integrator. This is usually not the best practice.
1) Creating certificates and configuring Tivoli Directory Server to use them.
Create the key database and the server certificate like this:
gsk8capicmd_64 -keydb -create -db C:/key/myldap.kdb -pw passw0rd -type cms -stash -empty
gsk8capicmd_64 -cert -create -db C:/key/myldap.kdb -pw passw0rd -sigalg SHA1WithRSA -label serverlabel -dn "cn=chirag_ldap_server,o=idaas" -size 2048
gsk8capicmd_64 -cert -extract -db C:/key/myldap.kdb -pw passw0rd -label serverlabel -format ascii -target C:/key/myldap.cert
Configure the key database and certificate in ibmslapd.conf like this:
under the entry dn: cn=SSL, cn=Configuration
ibm-slapdSecurePort: 7636
ibm-slapdSecurity: SSLTLS
ibm-slapdSslKeyDatabase: C:\key\myldap.kdb
ibm-slapdSslAuth: serverauth
ibm-slapdSslCertificate: serverlabel
Restart the TDS server.
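A small checker for the SSL stanza above, added here as an example (not part of Tivoli Directory Server or TDI), that parses the LDIF-style ibmslapd.conf and reports missing or inconsistent attributes before the server is restarted; the sample fragment is constructed from the values used in this step.

```python
"""Check the SSL stanza of an ibmslapd.conf before restarting TDS.
Constructed example, not TDS or TDI code; assumes the file uses LDIF syntax
('dn:' lines, 'attr: value' lines, entries separated by blank lines)."""
import re

REQUIRED = ("ibm-slapdSecurePort", "ibm-slapdSecurity", "ibm-slapdSslKeyDatabase",
            "ibm-slapdSslAuth", "ibm-slapdSslCertificate")

def parse_ldif(text):
    """Return {dn: {attr: value}}; DNs are lower-cased with spaces after commas removed."""
    entries, attrs, dn, last = {}, {}, None, None
    for raw in text.splitlines() + [""]:
        if raw == "":                           # blank line ends the current entry
            if dn is not None:
                entries[dn] = attrs
            attrs, dn, last = {}, None, None
        elif raw.startswith(" ") and last:      # LDIF folded continuation line
            attrs[last] += raw[1:]
        else:
            key, _, value = raw.partition(":")  # split on the first colon only
            key, value = key.strip(), value.strip()
            if key.lower() == "dn":
                dn = re.sub(r"\s*,\s*", ",", value).lower()
            else:
                attrs[key], last = value, key
    return entries

def check_ssl_stanza(conf_text):
    """Return a list of findings; an empty list means the stanza is consistent."""
    ssl = parse_ldif(conf_text).get("cn=ssl,cn=configuration")
    if ssl is None:
        return ["no 'cn=SSL, cn=Configuration' entry found"]
    findings = [f"missing attribute {a}" for a in REQUIRED if a not in ssl]
    sec = ssl.get("ibm-slapdSecurity", "").lower()
    if sec and "ssl" not in sec and "tls" not in sec:
        findings.append(f"ibm-slapdSecurity '{sec}' does not enable the secure port")
    port = ssl.get("ibm-slapdSecurePort", "")
    if port and not (port.isdigit() and 0 < int(port) < 65536):
        findings.append(f"ibm-slapdSecurePort '{port}' is not a valid TCP port")
    return findings

# Constructed fragment with the values used in step 1 above.
SAMPLE_CONF = r"""dn: cn=SSL, cn=Configuration
cn: SSL
ibm-slapdSecurePort: 7636
ibm-slapdSecurity: SSLTLS
ibm-slapdSslKeyDatabase: C:\key\myldap.kdb
ibm-slapdSslAuth: serverauth
ibm-slapdSslCertificate: serverlabel
"""
```

Run `check_ssl_stanza(SAMPLE_CONF)` against your own file contents; an empty list means all five attributes are present and consistent.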
2) Adding the certificate in Tivoli Directory Integrator.
- Launch ikeyman from the Configuration Editor.
- Open the JKS file serverapi\testadmin.jks (the password is administrator).
- Select Signer Certificates.
- Click Add and select the myldap.cert file.
- Restart the TDI server.