ssl-keyfile

This stanza entry specifies the SSL key file name and location.

ssl-keyfile = ldap-ssl-key-filename

SSL key file name and location. Use the SSL key file to handle certificates that are used in LDAP communication. The file extension can be anything, but the extension is usually .kdb.

The certificate files in a directory need to be accessible to the server user (or all users). Make sure that server user (for example, ivmgr) or all users have permission to access the .kdb file and the folder containing .kdb file.

Options

ldap-ssl-key-filename
A valid file name is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. For Windows operating systems, file names cannot have a backward slash (\), a colon (:), a question mark (?), or double quotation marks. Windows operating systems path names, however, can have a backward slash (\) or a colon (:). For AIX, Linux, and Solaris operating systems, path names and file names are case-sensitive.

Usage

Conditional. Required only when the LDAP server is configured to do client authentication (ssl-enabled = yes).

Default value

The following table shows the default value by platform.

Platform File name
Linux or UNIX /opt/PolicyDirector/keytab/server_name.kdb
Windows c:\program files\tivoli\policy director\keytab\server_name.kdb

Example

The following example sets the SSL key file for a UNIX policy server:
ssl-keyfile = /ldap52kdb/a17jsun.kdb

Parent topic: [ldap] stanza