ssl-keyfile
This stanza entry specifies the SSL key file name and location.
ssl-keyfile = ldap-ssl-key-filenameSSL key file name and location. Use the SSL key file to handle certificates that are used in LDAP communication. The file extension can be anything, but the extension is usually .kdb.
The certificate files in a directory need to be accessible to the server user (or all users). Make sure that server user (for example, ivmgr) or all users have permission to access the .kdb file and the folder containing .kdb file.
Options
- ldap-ssl-key-filename
- A valid file name is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. For Windows operating systems, file names cannot have a backward slash (\), a colon (:), a question mark (?), or double quotation marks. Windows operating systems path names, however, can have a backward slash (\) or a colon (:). For AIX, Linux, and Solaris operating systems, path names and file names are case-sensitive.
Usage
Conditional. Required only when the LDAP server is configured to do client authentication (ssl-enabled = yes).
Default value
The following table shows the default value by platform.
Platform File name Linux or UNIX /opt/PolicyDirector/keytab/server_name.kdb Windows c:\program files\tivoli\policy director\keytab\server_name.kdb Example
The following example sets the SSL key file for a UNIX policy server:ssl-keyfile = /ldap52kdb/a17jsun.kdb