Replies: 2 comments
-
|
The ads-truststore file holds the server's key pair for securing replication connections, and other replicas' public key certificates. The key pair for the server has default alias ads-certificate. The cleartext password is stored in ads-truststore.pin. It is also the private key password for ads-certificate. This keystore is synchronized with the certificates under the base DN cn=admin data. Do not change this keystore directly unless you understand the impact on the server configuration. |
Beta Was this translation helpful? Give feedback.
-
|
OKay, thanks for that clarification. |
Beta Was this translation helpful? Give feedback.
-
When trying to use dsreplicate initialize...
and you get prompted to authorized SSL certs, and you choose manual
and then it prompts for trust for No, This session only, or "add to truststore"...
and then it ASKS you for a PATH..
shouldnt it offer a default path? especially since there seem to be 3 potential ones in the config dir?
(seems like it should default to /opt/opendj/config/admin-truststore but I dont know)
Also.. it prompts for a password.
If you tell it /path/to/keystore, and /path/to/keystore.pin exists... seems like it should just use the .pin file instead of prompting you for a password?
Beta Was this translation helpful? Give feedback.
All reactions