Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual page 556

Installing Sync Services
a.
b.
c.
d.
Open the Services control panel, and right-click on User Sync Service. Select
5.
start.
556 Red Hat Directory Server Administrator's Guide • May 2005
Create a self-signed certificate using Java
C:\>keytool -genkey -alias ldap -keyalg RSA -validity
3650 -keystore c:\keystore
Enter keystore password:
What is your first and last name?
[Unknown]: directory.example.com
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]: example.com
What is the name of your City or Locality?
[Unknown]: Boston
What is the name of your State or Province?
[Unknown]: MA
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=directory.example.com, OU=Unknown, O=example.com,
L=Boston, ST=MA, C=US correct?
[no]: yes
Enter key password for <ldap>
(RETURN if same as keystore password):
Use the same password for the certificate and keystore.
The first and last name field should be the fully qualified domain name of
the machine running the NT4 LDAP Service. If a different value is entered
as a security precaution, you must disable the "check hostname against
name in certificate" option in your Directory Server SSL configuration.
Export the CA certificate you created so that it can be imported into
Directory Server.
c:\>keytool -export -alias ldap -keystore c:\keystore
-rfc -file c:\ca.cer
Enter keystore password:
Certificate stored in file <ca.cer>
Copy this file,
ca.cer
Import the CA using the Console.
In the Tasks tab, select Manage Certificates. Open the CA Certs tab, hit the
"Install" button, and import the CA certificate from the directory where
you copied it.
keytool
password
password
, to your Directory Server machine.
: