Sun Java System Access Manager 7.1 Postinstallation Guide

Configuring Access Manager With a Secure Sun Java System Web Server

This section describes how to configure Access Manager in SSL mode with Sun Java System Web Server.

ProcedureTo Configure a Secure Web Server

  1. Login to the Access Manager Console as amadmin.

  2. Click Configuration, System Properties, and then Platform.

  3. Under Server Instance, click the server name.

  4. Change the http:// protocol to the https:// protocol.

  5. Click OK and then Save.

    Note –

    Be sure to click Save. If you don’t, you will still be able to continue with the following steps, but all configuration changes you have made will be lost, and you will not be able to log in as administrator to fix it.

  6. Login to the Web Server console. The default port is 8888.

  7. Select the Web Server instance on which Access Manager is running and click Manage.

    The console displays a pop-up window explaining that the configuration has changed. Click OK.

  8. Click Apply and then Apply Changes.

  9. Click Apply Changes.

    Web Server should automatically restart. Click OK to continue.

  10. Stop the selected Web Server instance.

  11. Click the Security Tab.

  12. Click on Create Database.

  13. Enter the new database password and click OK.

    Ensure that you write down the database password for later use.

  14. Once the Certificate Database has been created, click on Request a Certificate.

  15. Enter the data in the fields provided in the screen.

    The Key Pair Field Password field is the same as you entered in Step 9. In the location field, you will need to spell out the location completely. Abbreviations, such as CA, will not work. All of the fields must be defined. In the Common Name field, provide the hostname of your Web Server.

  16. Once the form is submitted, you will see a message such as:

  17. Copy this text and submit it for the certificate request.

    Ensure that you get the Root CA certificate.

  18. You will receive a certificate response containing the certificate, such as:

  19. Copy this text into your clipboard, or save the text into a file.

  20. Go to the Web Server console and click on Install Certificate.

  21. Click on Certificate for this Server.

  22. Enter the Certificate Database password in the Key Pair File Password field.

  23. Paste the certificate into the provided text field, or check the radio button and enter the filename in the text box. Click Submit.

    The browser will display the certificate, and provide a button to add the certificate.

  24. Click Install Certificate.

  25. Click Certificate for Trusted Certificate Authority.

  26. Install the Root CA Certificate in the same manner described in steps 16 through 21.

  27. Once you have completed installing both certificates, click on the Preferences tab in the Web Server console.

  28. Select Add Listen Socket if you wish to have SSL enabled on a different port. Then, select Edit Listen Socket.

  29. Change the security status from Disabled to Enabled, and click OK to submit the changes, click Apply and Apply Changes.

    Steps 26–29 apply to Access Manager.

  30. Open the file. By default, the location of this file is etc/opt/SUNWam/config.

  31. Replace all of the protocol occurrences of http:// to https://, except for the Web Server Instance Directory. This is also specified in, but must remain the same.

  32. Save the file.

  33. In the Web Server console, click the ON/OFF button for the Access Manager hosting web server instance.

    The Web Server displays a text box in the Start/Stop page.

  34. Enter the Certificate Database password in the text field and select Start.

Next Steps

If you are configuring Access Manager certificate authentication with an SSL-enabled Web Server 6.1 instance and want Web Server to accept both certificate-based and non- certificate-based authentication requests, set the following value in the Web Server obj.conf file:

PathCheck fn="get-client-cert" dorequest="1" require="0