directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <elecha...@gmail.com>
Subject Re: [ApacheDS] Setting up my own certificate for SSL
Date Thu, 18 Dec 2008 22:13:43 GMT
Hammond, Steve wrote:
> >From what I remember from when it was moved, it is required to be in the
> Server DIT for StartTLS to work.  I don't know the reason for that tho.
>   

Ok, I just committed the fix. One can now use both system.

The new configuration for using an external keystore is :

  <ldapService id="ldapsService"
              enabled="true"
              tcpPort="10636"
              enableLdaps="true"
              nbTcpThreads="8"
              keystoreFile="/home/elecharny/zanzibar.ks"
              certificatePassword="mypassword">
    <directoryService>#directoryService</directoryService>
  </ldapService>

If one want to use the internal keystore, it's enough to simply remove 
the last two parameters :

  <ldapService id="ldapsService"
              enabled="true"
              tcpPort="10636"
              enableLdaps="true"
              nbTcpThreads="8">
    <directoryService>#directoryService</directoryService>
  </ldapService>


This will be available for 1.5.5

If you have any suggestion, feel free to reply to this mail !

Thanks !

PS : I will update the site accordingly.

-- 
--
cordialement, regards,
Emmanuel L├ęcharny
www.iktek.com
directory.apache.org



Mime
View raw message