This section describes how to configure a digital certificate for a Gateway.
Ensure that the Gateway and Portal Server are up and running.
Edit the AMConfig.properties file on the Portal Server node.
The AMConfig.properties file is located in the AccessManager_base/SUNWam/config directory.
Import the certificates to the certificate database of the Gateway.
Import the Root Certificate Authority on the Gateway machine.
Add the Root Certificate Authority to the Gateway profile.
Run the following command:
PortalServer_base/SUNWportal/bin/certadmin -n gateway-profile-name
Select Option 3 in the command-line interface.
You are prompted to provide the certificate path. When you provide a valid path, the certificate is added. You will get a message that the certificate is added successfully.
Generate a Certificate Signing Request for submitting to the Certificate Authority.
Submit the Certificate Signing Request to a Certificate Authority and get it approved.
Save the certificate response to a file after the Certificate Authority has signed it.
Import the certificate response file.
Import the Root CA certificate on the Portal Server machine.
./certutil -A -n rootca -t "TCu,TCu,TCuw" -d /var/opt/SUNWappserver/domains/domain1/config -a -i rootca-path
Register Certificate as an Authentication module.
Log in to amconsole as the administrator.
Click the Identity Management tab.
Select the Organization.
Select Services in the View drop-down list.
Verify whether the Certificate is displayed in the left pane under the Authentication Modules option.
Click Add if the Certificate Service is not displayed in the left pane.
Select Certificate in the right pane.
Certificate is displayed under the Authentication Modules option.
Click OK.
Certificate is displayed under the Authentication Modules option in the left pane.
Allow Certificate Authentication to trust any remote host.
Log in to amconsole as the administrator.
Click the Identity Management tab.
Select the Organization.
Select Services in the View drop-down list.
Click the Arrow button displayed with the Certificate option.
Select the None option displayed in the Trusted Remote Hosts list box.
Click Remove.
Type Any in the text box displayed with the Trusted Remote Hosts list box.
Click Add, and click Save in the right panel.
Add Certificate as a required enforcement criterion.
Log in to amconsole as the administrator.
Click the Identity Management tab.
Select the Organization.
Select Services in the View drop-down list.
Click the Arrow button that is displayed with the Authentication Configuration option.
The Service Instance screen appears.
Click New in the Service Instance screen.
The New Service Instance List screen appears.
Enter the service instance name as gatewaypdc.
Click Submit.
The Service Instance List screen appears.
Click the gatewaypdc option.
The gatewaypdc Show Properties screen appears.
Click the Edit link.
Click Add.
The Add Authentication Modules pop-up window appears.
Select Cert as the Module Name.
Select Required for Enforcement Criteria.
Click OK.
The Authentication Modules pop-up window appears.
Click OK and close the pop-up window.
Add a dynamic user.
Add Gateway host in the Portal Server administration console.
Restart the server.
This is mandatory because the AMConfig.properties file is updated.
Restart the Gateway profile.
Install the client certificate issued by the Certificate Authority into the browser.
Access the PDC enabled Gateway.
Install the client certificate to the JVM keystore.
Add portal services to the dynamic user created.
Add a dynamic user to the Distinguished Name (DN).
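The following added example (not part of the original procedure or the product's own tooling) checks the result of the certutil import step above. It reads `certutil -L` output on stdin and confirms that the rootca nickname carries the C and T flags in its SSL trust field. The function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. On a live system, feed it the real listing, for instance:
#   ./certutil -L -d /var/opt/SUNWappserver/domains/domain1/config | ca_trust_check rootca

# Constructed sample of `certutil -L` output (not captured from a real system).
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

rootca                                                       CT,C,C
old root ca                                                  c,,
server-cert                                                  u,u,u
'

# ssl_trust NICKNAME: print the SSL trust field (first of the three
# comma-separated fields) for NICKNAME; exit 1 if the nickname is absent.
# Nicknames may contain spaces, so the flags are taken from the last token.
ssl_trust() {
    awk -v nick="$1" '
        NF >= 2 {
            flags = $NF
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # drop the flags column
            sub(/^[ \t]+/, "", name)                 # drop leading blanks
            if (name == nick) { split(flags, f, ","); print f[1]; found = 1; exit }
        }
        END { if (!found) exit 1 }'
}

# ca_trust_check NICKNAME: succeed only if the SSL field has both
#   C (trusted CA for issuing server certificates) and
#   T (trusted CA for issuing client certificates, which client
#      certificate authentication depends on).
# Lowercase c (valid but untrusted CA) does not count.
# Returns 0 = ok, 1 = flag missing, 2 = nickname not in the database.
ca_trust_check() {
    flags=$(ssl_trust "$1") || { echo "$1: not in database" >&2; return 2; }
    case $flags in *C*) ;; *) echo "$1: missing C ($flags)" >&2; return 1 ;; esac
    case $flags in *T*) ;; *) echo "$1: missing T ($flags)" >&2; return 1 ;; esac
    echo "$1: SSL trust '$flags' ok"
}

# Demonstration on the constructed listing.
printf '%s\n' "$SAMPLE_LISTING" | ca_trust_check rootca
```

A nonzero exit for rootca means the import did not apply the trust flags given with -t and should be repeated before continuing.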