Sun Java System Portal Server 7.1 Configuration Guide

Procedure: To Create an Application Server Instance in SSL Mode

  1. Install Application Server and Directory Server using the Java ES installer.

  2. Add valid certificates to the Application Server.

    The certificate database is available in the /var/SUNWappserver/domains/domain1/config directory. The database files are key3.db and cert8.db.

  3. Change to the config directory.

    cd /var/SUNWappserver/domains/domain1/config

  4. Create a password file named password, and specify the password in it.

  5. Create a certificate signing request.


    certutil -R -s "CN=node1.domain-name,OU=People,O=Portal,L=location,ST=state,C=country" \
        -o certreq.pem -g 512 \
        -d /var/SUNWappserver/domains/domain1/config -f password -a
    

    This command creates a certificate request in the certreq.pem file. The certutil utility is located in the /usr/sfw/bin directory.

    1. Send this certificate request to a Certificate Management Server (CMS) for approval.

    2. After the certificate is approved, paste the contents of the approved certificate into a flat file on the Application Server machine, for example, the servercert.pem file.

    3. Add this certificate to the database.

    4. Change to the config directory of the Application Server.

      cd /var/ApplicationServer_base/SUNWappserver/domains/domain1/config


      Note –

      The servercert.pem file is also in the config directory.


    5. Run the command:

      certutil -A -n servercert -t "u,u,u" -d ApplicationServer_base/SUNWappserver/domains/domain1/config -a -i servercert.pem -f password

    6. Add the root CA certificate to the database.

      certutil -A -n rootca -t "TCu,TCu,TCuw" -d ApplicationServer_base/SUNWappserver/domains/domain1/config -a -i path_to_root_ca -f password

  6. Log in to the administrator console of the Application Server.

    https://host.domain-name:4849

  7. Select Configuration -> server-config -> HTTP Service -> HTTP Listeners -> http-listener-2.

    Perform the following tasks:

    • Verify that security is enabled.

    • Verify that the certificate nickname is servercert.

    • Enable SSL3.

    • Enable Transport Layer Security (TLS).

    • Select the All Cipher suites checkbox.

  8. Restart the Application Server.

    Because the Application Server is now SSL enabled, when you start the Java ES installer, Portal Server will not be able to communicate with Application Server. You need to install the root CA certificate in the Java Development Kit (JDK) keystore of the hostname.

  9. Install the root CA certificate in the JDK keystore of the hostname.


    cd /usr/jdk/entsys-j2se/jre/lib/security
    /usr/jdk/entsys-j2se/jre/bin/keytool -keystore cacerts -keyalg RSA \
        -import -trustcacerts -alias hostname \
        -storepass store-password -file root-ca-CA
    
  10. Invoke the Java ES installer and select Access Manager and Portal Server.

  11. Specify valid protocol and port values wherever prompted.
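
The following shell functions are an added example, not part of the original guide. They read the output of certutil -L -d on the config directory after the two certutil -A imports in step 5 and confirm that servercert is paired with its private key and that rootca is trusted for SSL. The listing layout (nickname, then trust attributes as the last field) is an assumption, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: check a "certutil -L -d <config dir>" listing read on stdin.
# Assumption: each certificate line ends with its trust attributes field.

# trust_of NICKNAME: print NICKNAME's trust attributes; status 1 if absent.
trust_of() {
    awk -v nick="$1" '
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)  # strip the trust column
            sub(/^[ \t]+/, "", name)               # strip leading blanks
            if (name == nick) { print $NF; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# check_listing: 0 = both entries usable, 1 = nickname missing,
# 2 = servercert has no private key, 3 = rootca not trusted for SSL.
check_listing() {
    listing=$(cat)
    server=$(printf '%s\n' "$listing" | trust_of servercert) ||
        { echo "servercert: not in database"; return 1; }
    root=$(printf '%s\n' "$listing" | trust_of rootca) ||
        { echo "rootca: not in database"; return 1; }
    # certutil lists "u" when the matching private key is in the key database,
    # i.e. the certificate was added to the database that created the request.
    case ${server%%,*} in
        *u*) ;;
        *) echo "servercert: no private key (trust $server)"; return 2 ;;
    esac
    # First field is SSL trust: C = trusted CA, T = trusted CA for client auth.
    case ${root%%,*} in
        *C*T*|*T*C*) ;;
        *) echo "rootca: not a trusted SSL CA (trust $root)"; return 3 ;;
    esac
    echo "ok: servercert=$server rootca=$root"
}

# Constructed sample listing, not captured from a real server.
sample_listing() {
    printf '%s\n' \
        'Certificate Nickname                      Trust Attributes' \
        '                                          SSL,S/MIME,JAR/XPI' \
        'servercert                                u,u,u' \
        'rootca                                    CT,C,C'
}

# Real use: certutil -L -d /var/SUNWappserver/domains/domain1/config | check_listing
sample_listing | check_listing
```

A return status of 2 usually means the certificate was added to a database other than the one in which the request was generated.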