Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Microsoft Internet Information Services (IIS) 6.0

Disabling the Trust Behavior for the IIS 6.0 Agent

By default, the IIS 6.0 agent installed on a remote IIS 6.0 server trusts any server certificate presented over SSL by the OpenSSO Enterprise host. For the IIS 6.0 agent to perform certificate checking, you must disable this trust behavior.

Procedure: To Disable the Trust Behavior for the IIS 6.0 Agent

  1. Find the IIS 6.0 agent's OpenSSOAgentBootstrap.properties file in the agent's \config directory. For example:

    C:\Agents\web_agents\iis6_agent\config\OpenSSOAgentBootstrap.properties

  2. In the OpenSSOAgentBootstrap.properties file, set the SSL-related properties, depending on your specific deployment.

    Note: These properties have new names for version 3.0 web agents.

    • Disable the option to trust the server certificate sent over SSL by the OpenSSO Enterprise host server:

      com.sun.identity.agents.config.trust.server.certs = false

    • Specify the certificate database directory.

      com.sun.identity.agents.config.sslcert.dir = path-to-cert-database

      For example:

      com.sun.identity.agents.config.sslcert.dir = C:/Agents/web_agents/iis6_agent/cert

    • If the certificate database directory has multiple certificate databases, set the following property to the prefix of the database you want to use. For example:

      com.sun.identity.agents.config.certdb.prefix = prefix-

    • Specify the certificate database password:

      com.sun.identity.agents.config.certdb.password = password

    • Specify the certificate database alias:

      com.sun.identity.agents.config.certificate.alias = alias-name

  3. Save the changes to the OpenSSOAgentBootstrap.properties file.

    The agent uses information in the OpenSSOAgentBootstrap.properties file to start and initialize itself and to communicate with the OpenSSO Enterprise server.

  4. Restart IIS 6.0 using the iisreset command.
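
As an added example (not part of the Sun guide or the agent's own code), the following Python script checks a bootstrap file for the settings in this procedure, including placeholder values copied verbatim from the guide. It assumes a simple key = value file format, treats a missing trust property as the default trusting behavior, and the FAIL/WARN severities are choices made for this example.

```python
# Added example: audit an OpenSSOAgentBootstrap.properties file for the
# SSL settings described in this procedure. Not Sun's code.
PREFIX = "com.sun.identity.agents.config."
TRUST = PREFIX + "trust.server.certs"
CERT_DIR = PREFIX + "sslcert.dir"
CERT_PASSWORD = PREFIX + "certdb.password"
CERT_ALIAS = PREFIX + "certificate.alias"
# Placeholder values printed in the guide; copied verbatim they configure nothing.
PLACEHOLDERS = {"path-to-cert-database", "password", "alias-name"}


def parse_properties(text):
    """Parse 'key = value' lines; '#' starts a comment (simplified parser)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()  # last assignment wins
    return props


def audit_bootstrap(text):
    """Return a list of (severity, message) findings; an empty list means OK."""
    props = parse_properties(text)
    findings = []
    # Assumption: a missing trust property leaves the default (trust any cert).
    if props.get(TRUST, "true") != "false":
        findings.append(("FAIL", TRUST + " is not 'false': certificates are not checked"))
    for key, severity in ((CERT_DIR, "FAIL"), (CERT_PASSWORD, "WARN"), (CERT_ALIAS, "WARN")):
        value = props.get(key, "")
        if not value:
            findings.append((severity, key + " is not set"))
        elif value in PLACEHOLDERS:
            findings.append((severity, key + " still holds the placeholder '" + value + "'"))
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# constructed sample
com.sun.identity.agents.config.trust.server.certs = true
com.sun.identity.agents.config.sslcert.dir = path-to-cert-database
com.sun.identity.agents.config.certdb.password = example-pass
"""

if __name__ == "__main__":
    for severity, message in audit_bootstrap(SAMPLE):
        print(severity + ": " + message)
```

To check a real file, pass its contents to audit_bootstrap() before running iisreset.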