Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Import the Certificate Authority Root Certificate into the Web Server 1 Keystore

The web policy agent on Protected Resource 1 connects to Access Manager through Load Balancer 3. Because the load balancer is SSL-enabled, the agent must trust the load balancer's SSL server certificate before it can establish the SSL connection. For this reason, import the root certificate of the Certificate Authority (CA) that issued the Load Balancer 3 SSL server certificate into the Java keystore of the JDK bundled with Web Server 1 on Protected Resource 1, which is the keystore the policy agent uses. Trusting the CA root rather than the server certificate itself also means that a renewed load balancer certificate issued by the same CA is accepted without repeating this procedure.

Before You Begin

Use the same CA root certificate that you imported in the procedure To Import a Certificate Authority Root Certificate on the Access Manager Load Balancer.

  1. As a root user, log into the ProtectedResource–1 host machine.

  2. Copy the CA root certificate into a directory.

    In this example, the file is /export/software/ca.cer.

  3. Import the CA root certificate into the Java keystore used by Web Server 1.

    The password changeit is the default for a JDK cacerts file; if it has been changed on this host, use the current value. Before you answer yes at the Trust this certificate prompt, compare the Owner, Issuer and fingerprints that keytool displays with the values published by the CA. A root certificate is self-signed, so Owner and Issuer must be identical; if they differ, you are looking at an intermediate or server certificate, not the CA root.

    # /opt/SUNWwbsvr/jdk/jre/bin/keytool -import -trustcacerts \
      -alias OpenSSLTestCA -file /export/software/ca.cer \
      -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts -storepass changeit
    
    Owner: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun,
    O=Sun, L=Santa Clara, ST=California, C=US
    Issuer: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun,
    O=Sun, L=Santa Clara, ST=California, C=US
    Serial number: 97dba0aa26db6386
    Valid from: Tue Apr 18 07:66:19 PDT 2006 until: Tue Jan 13 06:55:19
    PST 2009
    Certificate fingerprints:
    MD5: 9f:57:ED:B2:F2:88:B6:E8:0F:1E:08:72:CF:70:32:06
    SHA1: 31:26:46:15:C5:12:5D:29:46:2A:60:A1:E5:9E:26:64:36:80:E4:70
    Trust this certificate: [no] yes
    Certificate was added to keystore.
  4. Verify that the CA root certificate was imported.

    keytool stores and lists aliases in lower case, so search case-insensitively.

    # /opt/SUNWwbsvr/jdk/jre/bin/keytool -list \
      -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts \
      -storepass changeit | grep -i open
    
    openssltestca, Sep 10, 2007, trustedCertEntry,
  5. Restart the Web Server 1 instance so that its JVM, and with it the policy agent, loads the updated keystore.


    # cd /opt/SUNWwbsvr/https-ProtectedResource-1.example.com/bin
    # ./stopserv; ./startserv
    
    server has been shutdown
    Sun Java System Web Server 7.0 B12/04/2006 10:15
    info: CORE3016: daemon is running as super-user
    info: CORE5076: Using [Java HotSpot(TM) Server VM, 
    Version 1.5.0_09] from [Sun Microsystems Inc.]
    info: HTTP3072: http-listener-1: http://ProtectedResource-1.
    example.com:1080 ready to accept requests
    info: CORE3274: successful server startup
  6. Log out of the ProtectedResource–1 host machine.
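The Owner, Issuer, serial number and fingerprints that keytool shows at the Trust this certificate prompt come straight from the certificate file, so they can be checked before the prompt is ever answered. The following is an added example and is not part of the Access Manager documentation or of keytool: a standard-library Python script that parses the outer DER structure of an X.509 certificate, computes the MD5 and SHA1 fingerprints in keytool's colon-separated form, confirms that the certificate is self-signed (a CA root, not the load balancer's own server certificate) and compares the SHA1 fingerprint with a value obtained from the CA out of band. The sample certificate it builds is constructed inside the script with a placeholder key and signature (only its structure is real; it reuses the serial number from the keytool output above), and the function names and the expected-fingerprint argument are this example's own.

```python
"""Pre-import checks for a CA root certificate bound for a JDK cacerts keystore.
Added example, standard library only; not from the Access Manager documentation."""
import base64
import hashlib
import re


def der_read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the DER TLV that starts at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits give the length-byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_children(value: bytes):
    """Split a constructed DER value into (tag, value, raw_tlv) tuples."""
    out, pos = [], 0
    while pos < len(value):
        start = pos
        tag, val, pos = der_read_tlv(value, pos)
        out.append((tag, val, value[start:pos]))
    return out


def pem_to_der(data: bytes) -> bytes:
    """Accept PEM or DER input, as keytool -import does."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(b"".join(m.group(1).split())) if m else data


def normalize_fp(fp: str) -> str:
    """Canonical keytool form: upper-case hex pairs separated by colons."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", fp).upper()
    return ":".join(digits[i:i + 2] for i in range(0, len(digits), 2))


def fingerprint(der: bytes, algo: str) -> str:
    """keytool fingerprints are digests of the whole DER-encoded certificate."""
    return normalize_fp(hashlib.new(algo, der).hexdigest())


def inspect_certificate(data: bytes) -> dict:
    """Serial number, self-signed flag and fingerprints, as keytool reports them."""
    der = pem_to_der(data)
    _, cert, _ = der_read_tlv(der, 0)          # Certificate ::= SEQUENCE { tbs, alg, sig }
    _, tbs, _ = der_read_tlv(cert, 0)          # TBSCertificate ::= SEQUENCE
    fields = der_children(tbs)
    if fields[0][0] == 0xA0:                   # optional [0] EXPLICIT version
        fields = fields[1:]
    serial = int.from_bytes(fields[0][1], "big", signed=True)
    issuer_raw, subject_raw = fields[2][2], fields[4][2]   # raw Name TLVs
    return {
        "serial": format(serial, "x"),
        "self_signed": issuer_raw == subject_raw,          # byte-equal Names
        "md5": fingerprint(der, "md5"),
        "sha1": fingerprint(der, "sha1"),
    }


def problems_before_import(data: bytes, expected_sha1: str) -> list:
    """Reasons not to answer 'yes' at the keytool prompt; an empty list means go ahead."""
    info = inspect_certificate(data)
    found = []
    if not info["self_signed"]:
        found.append("issuer differs from subject: not a self-signed root CA certificate")
    if info["sha1"] != normalize_fp(expected_sha1):
        found.append("SHA1 fingerprint does not match the value obtained out of band")
    return found


# --- constructed sample input: structurally valid X.509 v3 with a dummy key and signature ---
def der(tag: int, content: bytes) -> bytes:
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def x509_name(cn: str) -> bytes:
    """Name holding a single commonName (OID 2.5.4.3) attribute."""
    attr = der(0x30, der(0x06, bytes.fromhex("550403")) + der(0x0C, cn.encode()))
    return der(0x30, der(0x31, attr))


def build_sample_cert(subject_cn: str, issuer_cn: str) -> bytes:
    """PEM of an unsigned test certificate (constructed; serial taken from the keytool output)."""
    rsa_sha256 = der(0x30, der(0x06, bytes.fromhex("2A864886F70D01010B")) + der(0x05, b""))
    rsa_key = der(0x30, der(0x06, bytes.fromhex("2A864886F70D010101")) + der(0x05, b""))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02"))                         # version v3
                 + der(0x02, bytes.fromhex("0097dba0aa26db6386"))         # serialNumber
                 + rsa_sha256 + x509_name(issuer_cn)
                 + der(0x30, der(0x17, b"060418000000Z") + der(0x17, b"090113000000Z"))
                 + x509_name(subject_cn)
                 + der(0x30, rsa_key + der(0x03, b"\x00" * 17)))          # placeholder key
    cert = der(0x30, tbs + rsa_sha256 + der(0x03, b"\x00" * 17))          # placeholder signature
    body = base64.b64encode(cert)
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return b"-----BEGIN CERTIFICATE-----\n" + b"\n".join(lines) + b"\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    root = build_sample_cert("OpenSSLTestCA", "OpenSSLTestCA")
    info = inspect_certificate(root)
    print(info)
    print(problems_before_import(root, info["sha1"]))
```

To check a real file such as /export/software/ca.cer, pass open(path, "rb").read() to problems_before_import together with the fingerprint the CA published; if the list is not empty, answer no at the keytool prompt and resolve the discrepancy first.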