6.4. Installing Red Hat Directory Server

Certificate System uses Red Hat Directory Server to store system certificates and user data. You can install both Directory Server and Certificate System on the same or any other host in the network.
Perform the following steps to install Red Hat Directory Server:
  1. Attach a Directory Server subscription to the host.
  2. Install the Directory Server packages.
  3. Run the setup-ds.pl Perl script to set up a Directory Server instance.
For a detailed procedure, see the Red Hat Directory Server Installation Guide.

6.4.1. Enabling TLS Support in Directory Server

For details about enabling TLS support in Directory Server, see the Enabling TLS in Directory Server section in the Directory Server Administration Guide.

Note

For stronger security, Red Hat recommends that you install Certificate System with TLS enabled for the connection to Directory Server.
As described in the Directory Server documentation, you can configure TLS either using a certificate issued by an external Certificate Authority (CA) or a temporary self-signed server certificate. However, after setting up the Certificate System CA, you can use this CA to issue a certificate and replace it with the one used when you set up Directory Server. For details on how to request and issue a TLS server certificate for Directory Server, see the corresponding section in the Red Hat Certificate System Administration Guide.