To Add Root Certificates to the Trusted Certificates in the Registry Domain

This task extends the list of trusted certificates in the Application Server registry domain.

Perform this task only if you use a third-party certificate and the root Certificate Authority (CA) certificate for the third party is not already in the Application Server truststore. Do not perform this task if you use only registry-issued certificates.

Steps

1. Download any root certificates that you want to support. Sites that provide root certificates include the following:

   • http://www.entrust.net/developer/

   • http://www.geotrust.com/resources/root_certificates/

   • http://www.thawte.com/roots/

   • http://www.verisign.com/support/roots.html

2. If necessary, use the unzip command to extract .cer files from the downloaded archive.

   ---

   Note –

   Some files have the suffix .der.

   ---

3. Copy the .cer files to the directory ServiceRegistry-base/install/cacerts.

4. Change to the directory ServiceRegistry-base/install.

5. Run the following command (all on one line):

   Solaris: /usr/sfw/bin/ant -f build-install.xml install.cacerts

   Linux: /opt/sun/bin/ant --noconfig -f build-install.xml install.cacerts

   This command installs any certificates found in the directory ServiceRegistry-base/install/cacerts into the Application Server domain truststore.

   You can use the list.cacerts target to make sure that the certificates have been installed correctly.

6. Follow the instructions in To Stop and Restart the Application Server Domain for the Registry.