Document URL: https://access.redhat.com/documentation/en-us/red_hat_certificate_system/10/html/planning_installation_and_deployment_guide/installing_rhds#enabling_tls_support_in_directory_server

Section Number and Name: 6.5.2. Enabling TLS Support in Directory Server

Describe the issue:

This section is confusing as hell. If DS instance was created as described in 6.5.1, it has it's TLS support created and enabled already via default settings. The commands described won't work, or may even break DS instance - NSS database is already there, as are pin and pwd files, and self-signed certificate. For a client that uses the guide as a step-by-step instruction, it will be confusing.

More to that, the guide leads to create certificate with nickname "DS Certificate", which is not entirely bad, but differs from default "Server-Cert", and can provide additional confusion further, e.g. in 7.7.3. Creating the Configuration File for the First Step of the Installation, where in command extracting the certificate is used nickname -n "server-cert" , which it won't be if client follows instructions in 6.5.2.

Suggestions for improvement: Remove the section completely, rework it as a possible way of customization, and in a way it will work after actions in step 6.5.1. Alternatively, leave the customization for RHDS documentation, as it's hardly needed in RHCS installation process.

Additional information: