In this procedure, you import a Certificate Authority (CA) certificate. The certificate enables the Authentication UI server to trust the certificate from the Access Manager load balancer (Load Balancer 3), and to establish trust with the certificate chain that is formed from the CA to the certificate.
Log in as a root user to Authentication UI Server 2.
Copy the root CA certificate into a directory.
After the certificate authority (CA) sends you the certificate, copy the certificate text into a file. In this example, the file is /export/software/ca.cer.
Import the root CA certificate into the Java certificate store.
    # /usr/jdk/entsys-j2se/jre/bin/keytool -import -trustcacerts -alias OpenSSLTestCA -file /export/software/ca.cer -keystore /usr/jdk/entsys-j2se/jre/lib/security/cacerts -storepass changeit
    Owner: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun, O=Sun,L=Santa Clara, ST=California C=US
    Issuer: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun, O=Sun,L=Santa Clara, ST=California C=US
    Serial number: 97dba0aa26db6386
    Valid from: Tue Apr 18 07:66:19 PDT 2006 until: Tue Jan 13 06:55:19 PST 2009
    Certificate fingerprints:
        MD5: 9f:57:ED:B2:F2:88:B6:E8:0F:1E:08:72:CF:70:32:06
        SHA1: 31:26:46:15:C5:12:5D:29:46:2A:60:A1:E5:9E:26:64:36:80:E4:70
    Trust this certificate: [no] yes
    Certificate was added to keystore.
Verify that the root CA certificate was imported into the keystore.
    # /usr/jdk/entsys-j2se/jre/bin/keytool -list -keystore ./cacerts -storepass changeit | grep -i open
    openssltestca, Nov 8, 2006, trustedCertEntry
Restart AuthenticationUI-2.
    # cd /opt/SUNWwwbsvr/https-AuthenticationUI-2.example.com
    # ./stop
    server has been shutdown
    # ./start
    Sun ONE Web Server 6.1SP5 B06/23/2005 18:00
    info: CORE3016: daemon is running as super-user
    info: CORE5076: Using [Java HotSpot(TM) Server VM, version 1.5.0_04 ] from [Sun Microsystems Inc.]
    info: WEB0100: Loading web module in virtual server [https-AuthenticationUI-2.example.com] at [/distAuth]
    info: WEB0100: Loading web module in virtual server [https-AuthenticationUI-2.example.com] at [/search]
    info: HTTP3072: [LS is 1] http://AuthenticationUI-2.example.com:1080 ready to accept requests
    startup: server started successfully
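The verification step above greps only for the alias, which does not show which certificate is stored under it. As an added example (not part of the original guide), the shell function below reads keytool -list output and checks that the alias is a trustedCertEntry whose fingerprint matches the one displayed at import. The function name check_trusted_ca and the sample listing are assumptions constructed for illustration, and the parser assumes keytool prints a "Certificate fingerprint" line directly after each entry.

```shell
#!/bin/sh
# Added example, not from the original guide.
# check_trusted_ca ALIAS FINGERPRINT   (hypothetical helper name)
# Reads `keytool -list` output on stdin. Exit status:
#   0  ALIAS is a trustedCertEntry and its fingerprint matches
#   1  ALIAS is a trustedCertEntry but the fingerprint differs
#   2  ALIAS is missing or is not a trustedCertEntry
check_trusted_ca() {
    awk -v alias="$1" -v want="$2" '
        BEGIN { alias = tolower(alias); want = toupper(want); rc = 2 }
        # The fingerprint is printed on the line after the matching entry.
        hit && /^Certificate fingerprint/ {
            fp = $0
            sub(/^[^:]*: */, "", fp)      # drop "Certificate fingerprint (ALG): "
            gsub(/[ \t\r]+$/, "", fp)     # drop trailing whitespace
            rc = (toupper(fp) == want) ? 0 : 1
            exit
        }
        # Entry line: "<alias>, <date>, <entry type>,"; the whole alias must match.
        { hit = (index(tolower($0), alias ", ") == 1 && $0 ~ /trustedCertEntry/) }
        END { exit rc }
    '
}

# Constructed sample of `keytool -list` output. The openssltestca entry uses the
# alias, date and MD5 fingerprint shown in the guide; examplekey is made up.
SAMPLE_LIST='Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

examplekey, Nov 8, 2006, keyEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
openssltestca, Nov 8, 2006, trustedCertEntry,
Certificate fingerprint (MD5): 9F:57:ED:B2:F2:88:B6:E8:0F:1E:08:72:CF:70:32:06'

# Fingerprint as printed when the certificate was imported (from the guide).
EXPECTED='9f:57:ED:B2:F2:88:B6:E8:0F:1E:08:72:CF:70:32:06'

# Real use: pipe `keytool -list -keystore <cacerts> -storepass <pass>` into the function.
if printf '%s\n' "$SAMPLE_LIST" | check_trusted_ca OpenSSLTestCA "$EXPECTED"; then
    echo "OpenSSLTestCA: trusted entry, fingerprint matches"
else
    echo "OpenSSLTestCA: missing, wrong entry type, or fingerprint mismatch" >&2
fi
```

Unlike grep -i open, the function matches the complete alias and fails when a different certificate sits under the expected name.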