Installation with Secure Database Connection - dogtagpki/pki GitHub Wiki
- Installing CA with Secure Database Connection
- Installing KRA with Secure Database Connection
- Installing OCSP with Secure Database Connection
- Installing TKS with Secure Database Connection
- Installing TPS with Secure Database Connection
To install a new PKI subsystem using a secure DS connection, add the following parameters to the deployment configuration file, replacing the hostname, CA nickname, and CA certificate file with your own values:

```
pki_ds_secure_connection=True
pki_ds_hostname=server.example.com
pki_ds_ldaps_port=636
pki_ds_secure_connection_ca_nickname=ds_signing
pki_ds_secure_connection_ca_pem_file=ds_signing.crt
```
The DS certificate will be imported into PKI's NSS database with the specified nickname.
Verify in the DS access log (/var/log/dirsrv/slapd-pki-tomcat/access) that the PKI server is connecting using SSL:

```
[29/Jun/2016:23:20:40 +0200] conn=36 fd=64 slot=64 SSL connection from server.example.com to server.example.com
[29/Jun/2016:23:20:40 +0200] conn=36 TLS1.2 128-bit AES
```
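
The access-log check above can be automated. The following is an added example, not Dogtag or 389 DS code: it pairs each `conn=` opening line with its negotiated-cipher line and lists connections for which no cipher was logged. The function names, the plain-connection line format (the same line without the `SSL` prefix) and the extra sample lines are assumptions constructed from the two log lines shown above.

```python
import re

# Constructed sample: the first two lines are the ones shown above; conn=37
# (no "SSL" prefix) and conn=38 (no cipher line) are assumed for illustration.
SAMPLE_LOG = """\
[29/Jun/2016:23:20:40 +0200] conn=36 fd=64 slot=64 SSL connection from server.example.com to server.example.com
[29/Jun/2016:23:20:40 +0200] conn=36 TLS1.2 128-bit AES
[29/Jun/2016:23:21:02 +0200] conn=37 fd=65 slot=65 connection from server.example.com to server.example.com
[29/Jun/2016:23:21:05 +0200] conn=38 fd=66 slot=66 SSL connection from server.example.com to server.example.com
"""

# Connection-open line: "conn=N fd=N slot=N [SSL ]connection from SRC to DST"
OPEN_RE = re.compile(
    r"^\[[^\]]+\] conn=(?P<conn>\d+) fd=\d+ slot=\d+ "
    r"(?P<ssl>SSL )?connection from (?P<src>\S+) to (?P<dst>\S+)")
# Negotiated-cipher line: "conn=N TLS1.2 128-bit AES"
CIPHER_RE = re.compile(
    r"^\[[^\]]+\] conn=(?P<conn>\d+) (?P<proto>(?:TLS|SSL)v?[\d.]+) "
    r"(?P<bits>\d+)-bit (?P<cipher>\S+)")


def summarize(log_text, client=None):
    """Map conn id -> details, optionally only for one client host."""
    conns = {}
    for line in log_text.splitlines():
        m = OPEN_RE.match(line)
        if m:
            if client is None or m["src"] == client:
                conns[int(m["conn"])] = {
                    "src": m["src"], "ssl": bool(m["ssl"]),
                    "protocol": None, "bits": None, "cipher": None}
            continue
        m = CIPHER_RE.match(line)
        if m and int(m["conn"]) in conns:
            conns[int(m["conn"])].update(
                protocol=m["proto"], bits=int(m["bits"]), cipher=m["cipher"])
    return conns


def unencrypted(conns):
    """Connection ids for which no negotiated-cipher line was logged."""
    return sorted(c for c, info in conns.items() if info["protocol"] is None)


if __name__ == "__main__":
    conns = summarize(SAMPLE_LOG, client="server.example.com")
    for cid, info in conns.items():
        print(cid, info)
    print("no TLS cipher logged:", unencrypted(conns))
```

To check a real installation, pass the contents of the access log to `summarize()` with `client` set to the PKI server's hostname as it appears in the log.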
Verify that the PKI server can communicate with the DS by running the following command:

```
$ pki ca-cert-find
```