OpenDJ: Changing server certificates

The default validity period for OpenDJ self-signed certificates used to be 730 days. Those of you who generated keys & self-signed certificates a couple of years ago could have certificates that will expire soon.

There’s a new chapter in the OpenDJ Administration Guide that covers Changing Server Certificates, including not only replacing the keys for regular connection handlers, but also generating new keys & self-signed certs used to protect replication traffic.

You will find the Configuring Servers For Client Application Access chapter has been beefed up with more examples of manipulating certificates using the Java keytool command, including CA-signed certificates. In addition, the Performing LDAP Operations chapter now demonstrates Authenticating Using a Certificate, showing the steps that let an application, for example, authenticate to OpenDJ without a user name and password.
