Server User Manual
Chapter 6. Command-Line Utilities
246
Option Description
-3 Specifies that hostnames should be checked in
SSL certificates.
-I Specifies the SSL key password file that contains
the token:password pair.
-K Specifies the absolute path, including the
filename, of the private key database of the
client.
The -K option must be specified when the key
database has a different name than key3.db
or when the key database is not under the
same directory as the certificate database, the
cert8.db file (the path which is specified with
the -P option).
-m Specifies the path to the security module
database, such as /etc/dirsrv/
slapd-instance_name/secmod.db. This
option only need to be given if the security
module database is in a different directory than
the certificate database itself.
-N Specifies the certificate name to use for
certificate-based client authentication, such as -
N "Server-Cert". If this option is specified,
then the -Z, -P, and -W options are required.
Also, if this option is specified, then the -D and
-w options must not be specified, or certificate-
based authentication will not occur, and the bind
operation will use the authentication credentials
specified on -D and -w.
-P Specifies the absolute path, including the option,
of the certificate database of the client. This
option is used only with the -Z option.
When used on a machine where an SSL-enabled
web browser is configured, the path specified on
this option can be that of the certificate database
for the browser. For example:
-P /security/cert.db
The client security files can also be stored on
the Directory Server in the /etc/dirsrv/
slapd-instance_name directory. In this case,
the -P option would call out a path and filename
similar to the following:
-P /etc/dirsrv/slapd-instance_name/client-
cert.db