The Web Policy Agent on Protected Resource 1 connects to Access Manager servers through Load Balancer 3. The load balancer is SSL-enabled, so the agent must be able to trust the load balancer SSL certificate in order to establish the SSL connection. To do this, import the root CA certificate that issued the Load Balancer 3 SSL server certificate into the Web Policy Agent certificate store.
Obtain the root CA certificate, and copy it to ProtectedResource-2.
Copy the root CA certificate to Protected Resource 2.
Open a browser, and go to the Web Server 2 administration console.
http://ProtectedResource-2.example.com:8888
Log in to the Web Server 2 console using the following information:
admin
web4dmin
In the Select a Server field, select ProtectedResource-2.example.com, and then click Manage.
If a “Configuration files have not been loaded” message is displayed, it may be that the administration server has never been accessed, and so the configuration files have never been loaded. First click Apply, and then click Apply Changes. The configuration files are read, and the server is stopped and restarted.
Click the Security tab.
On the Initialize Trust Database page, enter a Database Password.
Enter the password again to confirm it, and then click OK.
In the left frame, click Install Certificate and provide the following information, and then click OK:
Choose Trusted Certificate Authority (CA)
password
OpenSSL_CA_Cert
/export/software/ca.cert
Click Add Server Certificate.
Click Manage Certificates.
The root CA Certificate name OpenSSL_CA_Cert is included in the list of certificates.
Click the Preferences tab.
Restart Web Server 2.
On the Server On/Off page, click Server Off. When the server indicates that the administration server is off, click Server On.
Configure the Web Policy Agent 2 to point to the Access Manager SSL port.
Edit the AMAgent.properties file.
# cd /opt/SUNWam/agents/es5/config/ _optSUNWwbsvr_https=ProtectedResource-2.example.com
Make a backup of the AMAgent.properties file before setting the following property:
# com.sun.am.naming.url = https://LoadBalancer-3.example.com:9443/amserver/namingservice
Save the file.
Restart Web Server 2.
# cd /opt/SUNWwbsvr/https-ProtectedResource-2.example.com # ./stop; ./start