ForgeRock OpenDJ Replication – Enabling Encryption

This is a sequel to my earlier blog update on ForgeRock OpenDJ Replication and is largely inspired by a question raised on the ForgeRock Community website. If you are not very familiar with the steps involved in configuring OpenDJ replication, I suggest you read/watch it before watching the embedded video below:

A one-liner about the infrastructure used: two Linux containers, each running an instance of ForgeRock OpenDJ, are already replicating the OpenDJ data, but the replication traffic is not secure. In the video demonstration that follows, we’ll tighten the security a bit by encrypting the replication traffic, and monitor that traffic using Wireshark running on the host OS. The diagram below indicates the end state of our screencast:



One thought on “ForgeRock OpenDJ Replication – Enabling Encryption”

  1. Thanks for your videos Rajesh. It’s nice to be able to see the full end-to-end flow, rather than just reading about it in the documentation.

    Question. You enabled the crypto manager but didn’t change the keys. Are the keys used by OpenDJ unique to each instance? If so, are they created at the time of server install? I ask since in OpenAM, there is a “test” certificate/key that some people use, which we always recommend people change. Just wondering if that’s necessary in this case.

