Sun Java System Application Server 9.1 High Availability Administration Guide

Procedure: To Set Up the Load Balancer in SSL Mode for Sun Java System Web Server 6.1


Note –

You need to perform the steps in this section only if you want to use the Auto Apply feature of the load balancer plug-in. This feature helps to send the load balancer configuration automatically over the wire to the web server configuration directory.


  1. Using a browser, access the Admin Console of Web Server and log in.

  2. Select your server instance and click on Manage.

  3. Click on the Security tab.

  4. Initialize the trust database by giving the username and password. You can do this with either the certutil command or the GUI. To initialize the trust database with certutil, use the following options:

    certutil -N -P "https-instance-name-hostname-" -d .

    • When prompted by certutil, enter the password that will be used to encrypt your keys. The password should be at least eight characters long, and should contain at least one non-alphabetic character.

    • When prompted to enter a new password, specify your password.

  5. Create a sample local Certificate Authority (CA) using the following command:

    certutil -S -P "https-boqueron.virkki.com-boqueron-" \
    -d . -n SelfCA -s "CN=Self CA,OU=virkki.com,C=US" \
    -x -t "TC,TC,TC" -m 101 -v 99 -5

    1. When prompted to enter 0-7 for the type of certificate, type 5 for SSL CA. When the prompt reappears, specify 9.

    2. When queried “Is this a critical extension [y/n]?,” specify “y.”

  6. Use the above sample CA to generate a certificate:

    certutil -S -P "https-instance-name-hostname-" \
    -d . -n MyServerCert -s "CN=boqueron.virkki.com,C=US" \
    -c SelfCA -t "u,u,u" -m 102 -v 99 -5

    1. When prompted to enter 0-7 for the type of certificate, type 1 for SSL Server. When the prompt reappears, specify 9.

    2. When queried “Is this a critical extension [y/n]?,” specify “y.”

  7. Create an HTTPS listener as explained in the following steps:

    1. Log on to the web server's Administration Server.

    2. Select a server and click Manage.

    3. Click Add Listen Socket. In the Add Listen Socket page, do the following:

      1. Specify a port number.

      2. Ensure that the fully qualified domain name (FQDN) of the server is specified for the Server Name. For example, if the host name is machine1, and the domain name is server.example.com, then the FQDN is machine1.server.example.com.

      3. Select Enable from the Security drop-down list.

      4. Click OK.

    4. Go to the Edit Listen Sockets page and select the listen socket that you just created.

    5. In the Listen Socket page, verify that the Server Certificate name is the same as the certificate name that you provided in Step 6.
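
A check to run once steps 5 and 6 are done, as an added example that is not part of the original guide: it reads a `certutil -L` listing and confirms that SelfCA carries the C flag (trusted CA for SSL server certificates) and that MyServerCert carries the u flag (private key present in the database). The sample listing is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# ssl_trust NICKNAME: read a `certutil -L` listing on stdin and print the SSL
# trust field (first of the three comma-separated fields) for NICKNAME.
ssl_trust() {
    awk -v nick="$1" '
        # Trust attributes are the last field; the rest is the nickname.
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)
            sub(/^[ \t]+/, "", name)
            if (name == nick) { split($NF, f, ","); print f[1]; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# has_flag LISTING NICKNAME FLAG: 0 if set, 1 if not set, 2 if nickname absent.
has_flag() {
    t=$(printf '%s\n' "$1" | ssl_trust "$2") || return 2
    case "$t" in *"$3"*) return 0 ;; *) return 1 ;; esac
}

# check_listing LISTING: check the two nicknames created in steps 5 and 6.
check_listing() {
    rc=0
    has_flag "$1" SelfCA C || { echo "SelfCA: not a trusted CA for SSL server certs"; rc=1; }
    has_flag "$1" MyServerCert u || { echo "MyServerCert: no private key in this database"; rc=1; }
    return "$rc"
}

# Constructed sample listing, not captured from a real server.
SAMPLE='Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

SelfCA                                                       CTu,CTu,CTu
MyServerCert                                                 u,u,u'

check_listing "$SAMPLE" && echo "trust flags match steps 5 and 6"
```

Against a live database, pass the real listing instead of the sample: `check_listing "$(certutil -L -P "https-instance-name-hostname-" -d .)"`.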