3.3 Obtaining Secure Socket Layer Certificates

In order to enable secure communications using the Secure Sockets Layer (SSL) protocol you need to obtain root certificates and server certificates from a certificate authority (CA). A CA root certificate proves that the particular CA issued a particular server certificate. CA root certificates are publicly available. The root certificate used in this deployment is a test certificate issued by OpenSSL and named ca.cer. You can obtain a root certificate from any commercial certificate issuer such as VeriSign, Thawte, Entrust, or GoDaddy.

The server certificates are requested within each procedure. You should know how to request server certificates from your CA of choice before beginning a deployment. The following sections are related to requesting, installing, and importing root and server certificates:

• To Install a Root Certificate and a Server Certificate on Directory Server 1

• To Install a Root Certificate and a Server Certificate on Directory Server 2

• To Install Application Server on the OpenSSO Enterprise 1 Host Machine

• To Install Application Server on the OpenSSO Enterprise 2 Host Machine

• To Request a Certificate for the OpenSSO Enterprise Load Balancer

• To Install a CA Root Certificate to the OpenSSO Enterprise Load Balancer

• To Install the Server Certificate to the OpenSSO Enterprise Load Balancer

• To Request and Install a Server Certificate and a Root Certificate for Web Server 1

• To Request and Install a Server Certificate and a Root Certificate for Web Server 2

• To Import the Root Certificate to the Web Server 1 JDK Certificate Store

• To Import the Root Certificate to the Web Server 2 JDK Certificate Store

• To Request a Certificate for the Distributed Authentication User Interface Load Balancer

• To Import a Root Certificate to the Distributed Authentication User Interface Load Balancer

• To Import a Certificate to the Distributed Authentication User Interface Load Balancer