To Install the OpenSSO Enterprise Root CA Certificate on the IIS 6.0 Agent (Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Microsoft Internet Information Services (IIS) 6.0)

Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Microsoft Internet Information Services (IIS) 6.0

To Install the OpenSSO Enterprise Root CA Certificate on the IIS 6.0 Agent

Obtain the root CA certificate file that is installed on the OpenSSO Enterprise host server. The following examples use root_ca.crt as the name for the root CA certificate file.

On the IIS 6.0 server, locate the certutil.exe utility.

After you unzip the IIS 6.0 agent distribution file, certutil.exe is available in the PolicyAgent-base\bin directory.

For example: C:\Agents\web_agents\iis6_agent\bin\certutil.exe

If necessary, create the certificate database directory and the certificate database in the PolicyAgent-base directory. For example:
```
mkdir C:\Agents\web_agents\iis6_agent\cert
C:\Agents\web_agents\iis6_agent\bin certutil.exe -N -d ..\cert
```
where cert is the name of the certificate database directory.

When prompted, enter and confirm the password that will be used to encrypt your keys.

Install the OpenSSO Enterprise root CA certificate in the database. For example:
```
certutil.exe -A -n am_root_ca_cert -t "C,C,C" -d ..\cert -i ..\cert\root_ca.crt
```
where:
- am_root_ca_cert is the name of the OpenSSO Enterprise root CA certificate.
- root_ca.crt is the binary root CA certificate request file.

To verify that the root CA certificate is installed correctly, use certutil.exe with the -L option. For example:
```
C:\Agents\web_agents\iis6_agent\bin certutil.exe -L -d ..\cert am_root_ca_cert
```
You should see the name of the root CA certificate. For example:
```
am_root_ca_cert                                              C,C,C
```

© 2010, Oracle Corporation and/or its affiliates