Installation and Upgrade Guides › Policy Server Installation Guide › Configuring LDAP Directory Servers as a Policy or Key Store › Configure a Separate Key Store

Configure a Separate Key Store

By default, the key store is collocated with the policy store. You can configure the Policy Server to use a separate key store.

Note: For more information about key stores, see the SiteMinder Implementation Guide.

The type of directory server that is to function as a separate key store determines how you configure the store:

• If you can use the SiteMinder smldapsetup utility to configure a policy store, you can configure a separate key store using key store–specific schema. The following directory servers can be configured this way:
  • Microsoft Active Directory
  • Microsoft ADAM/AD LDS
  • Oracle Directory Server Enterprise Edition
  • Oracle Internet Directory Server
  • Red Hat Directory Server
• If you cannot use the SiteMinder smldapsetup utility to configure a policy store, then you must:
  1. Configure a separate directory server instance with the policy store schema only. The policy store schema includes the key store schema. You do not have to:
     • Set the SiteMinder superuser password.
     • Import the default policy store objects.
     • Import the policy store data definitions.

     A separate key store does not require these objects.

  2. Configure the Policy Server to use this policy store instance as a key store only.

     Note: For more information, see the Policy Server Administration Guide.