Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

ProcedureTo Import a Certificate Authority Root Certificate to Protected Resource 1

The Certificate Authority (CA) root certificate enables the web policy agent to trust the certificate from the OpenSSO Enterprise Load Balancer 2, and to trust the certificate chain that is formed from the CA to the server certificate.

Before You Begin
  1. As a root user, log into the host machine.

  2. Import the CA root certificate into cacerts, the certificate store.

    # /opt/SUNWwbsvr/jdk/jre/bin/keytool -import -trustcacerts 
    -alias OpenSSLTestCA -file /export/software/ca.cer 
    -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts -storepass changeit
    Owner:, CN=OpenSSLTestCA, OU=Sun,
    O=Sun,L=Santa Clara, ST=California C=US
    Issuer:, CN=OpenSSLTestCA, OU=Sun,
    O=Sun,L=Santa Clara, ST=California C=US
    Serial number: f59cd13935f5f498
    Valid from: Thu Sep 20 11:14:51 PDT 2008 18 07:66:19 PDT 2006 
    until: Thu Jun 17 11:41:51 PDT 2010
    Certificate fingerprints:
    MD5: 78:7D:F0:04:8A:5B:5D:63:F5:EC:5B:21:14:9C:8A:B9
    SHA1: A4:27:8A:B0:45:7A:EE:16:31:DC:E5:32:46:61:9E:B8:A3:20:8C:BA
    Trust this certificate: [no] yes
    Certificate was added to keystore.
  3. Verify that the CA root certificate was imported.

    # /opt/SUNWwbsvr/jdk/jre/bin/keytool -list 
    -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts 
    -storepass changeit | grep -i open
    openSSLTestCA, Sep 20, 2008, trustedCertEntry,
  4. Log out of the host machine.