The CA root certificate enables the J2EE policy agent to trust the certificate from the OpenSSO Enterprise Load Balancer 2, and to establish trust with the certificate chain that is formed from the CA to the certificate.
Copy the same CA root certificate used in To Install a CA Root Certificate to the OpenSSO Enterprise Load Balancer to the /export/software directory on the pr-2 host machine.
As a root user, log into the pr–2 host machine.
Change to the directory where the cacerts certificate store is located.
# cd /usr/local/bea/jdk150_06/jre/lib/security.
Backup cacerts before modifying it.
Import ca.cer, the CA root certificate.
# /usr/local/bea/jdk150_06/bin/keytool -import -trustcacerts -alias OpenSSLTestCA -file /export/software/ca.cer -keystore /usr/local/bea/jdk150_06/jre/lib/security/cacerts -storepass changeit Owner: EMAILADDRESSemail@example.com, CN=OpenSSLTestCA, OU=Sun, O=Sun,L=Santa Clara, ST=California C=US Issuer: EMAILADDRESSfirstname.lastname@example.org, CN=OpenSSLTestCA, OU=Sun, O=Sun,L=Santa Clara, ST=California C=US Serial number: 97dba0aa26db6386 Valid from: Tue Apr 18 07:66:19 PDT 2006 until: Tue Jan 13 06:55:19 PST 2009 Certificate fingerprints: MD5: 9f:57:ED:B2:F2:88:B6:E8:0F:1E:08:72:CF:70:32:06 SHA1: 31:26:46:15:C5:12:5D:29:46:2A:60:A1:E5:9E:26:64:36:80:E4:70 Trust this certificate: [no] yes Certificate was added to keystore.
Verify that ca.cer was successfully imported.
# /usr/local/bea/jdk150_06/bin/keytool -list -keystore /usr/local/bea/jdk150_06/jre/lib/security/cacerts -storepass changeit | grep -i openssl OpenSSLTestCA, Sep 15, 2008, trustedCertEntry,
Log out of the pr–2 host machine.