  • Start AM 7.0.0 with external DS over a secure connection

...


Read the password for the locally installed DJ from the generated keystore.pin file in the installed DJ config directory:

$ more /path/to/opendj/config/keystore.pin
pfOcIDBdDWfVcjWGXMMNRqixH/bMKXC/hdVA+ZMBkuvkEHhWY5e9Gl7O+s16rlaW1tE=

Copy the ca-cert certificate from the keystore into the AM truststore:

$ keytool -importkeystore -srckeystore /path/to/opendj/config/keystore -srcstorepass pfOcIDBdDWfVcjWGXMMNRqixH/bMKXC/hdVA+ZMBkuvkEHhWY5e9Gl7O+s16rlaW1tE= -destkeystore /path/to/openam/openam-truststore.jks -deststorepass changeit -srcalias ca-cert

DS 7 (with deploymentKey)


Execute the following command from within the DS folder to export the self-signed certificate to standard output.

Note: We need both the Deployment Key and the Deployment Key Password to access the keystore.

$ bin/dskeymgr export-ca-cert \
  --deploymentKey AForYBg8mR_0kRsWbGHSrUP8aApOtpw5CBVN1bkVDAKLAd0oCRgow6hc \
  --deploymentKeyPassword example-password
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----


Store this certificate in a file, for example in the AM installation folder, so that it can be imported into the AM truststore. In this example we have copied the certificate to the clipboard, so we can use the command-line pbpaste utility to paste it into a file.

$ pbpaste > $HOME/openam/ds-ca-cert.pem


Import the DS self-signed certificate into the AM truststore with the following command:

$ keytool -importcert -file $HOME/openam/ds-ca-cert.pem \
    -keystore $HOME/openam/security/keystores/truststore \
    -storepass changeit -alias ds-ca-cert -noprompt
Certificate was added to keystore
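
A check that can follow the import step, added here as an example and not part of the original page or of the product's tooling: it refuses a pasted file that is not exactly one PEM certificate, then confirms that the truststore entry carries the same SHA-256 fingerprint as the exported file. The function names and the TRUSTSTORE_PASS environment variable are assumptions, and it assumes openssl and a keytool that prints SHA-256 fingerprints are on the PATH.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the
# TRUSTSTORE_PASS environment variable are assumptions made for illustration.

# pem_single_cert FILE: succeed only if FILE holds exactly one certificate
# block and nothing else (a clipboard paste can carry a prompt or stray text).
pem_single_cert() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*$/ { next }                     # ignore blank lines
        /^-----BEGIN CERTIFICATE-----$/ { if (state != 0) bad = 1; state = 1; next }
        /^-----END CERTIFICATE-----$/ { if (state != 1 || !body) bad = 1; state = 2; next }
        state == 1 && /^[A-Za-z0-9+\/]+=*$/ { body++; next }
        { bad = 1 }                             # anything else is unexpected
        END { if (bad || state != 2) exit 1 }
    ' "$1"
}

# norm_fp: read tool output on stdin, print the SHA-256 digest as bare
# uppercase hex so openssl and keytool output can be compared directly.
norm_fp() {
    grep -Eo '([0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2}' | tr -d ':' | tr 'a-f' 'A-F'
}

# verify_truststore_entry PEM TRUSTSTORE ALIAS
# The store password is read from $TRUSTSTORE_PASS through keytool's
# -storepass:env modifier, so it does not appear in the process list.
verify_truststore_entry() {
    pem_single_cert "$1" || { echo "$1: not a single PEM certificate" >&2; return 2; }
    want=$(openssl x509 -in "$1" -noout -fingerprint -sha256 | norm_fp)
    have=$(keytool -list -keystore "$2" -storepass:env TRUSTSTORE_PASS \
               -alias "$3" | norm_fp)
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Stand-alone use:
#   TRUSTSTORE_PASS=... sh check.sh ds-ca-cert.pem truststore ds-ca-cert
if [ "$#" -eq 3 ]; then
    if verify_truststore_entry "$@"; then
        echo "fingerprints match"
    else
        echo "fingerprint mismatch or invalid input" >&2
        exit 1
    fi
fi
```

Comparing the fingerprint against one obtained from the DS host over a separate channel also confirms that the certificate now trusted is the one DS actually issued.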

...