Solaris 9 12/03 Release Notes

External Certificate Nickname Does Not Display in Administration Interface Nickname List (4725473)

If you install an external certificate through the Sun ONE Application Administration interface, a problem is encountered. This problem is encountered when you attempt to enable SSL for the http-listener by using the certificate that is installed on the external cryptographic module. Although the installation of the certificate is successful, the certificate nickname does not display in the Administration interface.

Workaround: Complete the following steps:

  1. Log in to the system where the Sun ONE Application Server software is installed as an Administrative User.

  2. Link the http-listener to the certificate that is installed on the external cryptographic module by using the asadmin command. For more information on the asadmin command, see the asadmin(1AS) man page.

    # asadmin create-ssl --user admin user--password password --host host name \
    --port port --type http-listener --certname nobody@apprealm:Server-Cert \
    --instance instance --ssl3enabled=true \
    --ssl3tlsciphers +rsa_rc4_128_md5 http-listener-1

    The previous command establishes the link between the certificate and the server instance. The command does not install the certificate. The certificate was installed through the Administration interface.

    Note –

    Although the certificate is linked with http-listener, the http-listener listens in non SSL mode.

  3. Enable the http-listener to listen in SSL mode. Use the following command:

    # asadmin set --user admin user --password password --host host name \
    --port port server1.http-listener.http-listener-1.securityEnabled=true

    The previous command switches the server instance listening state from non-SSL to SSL. After you complete the previous steps, the certificate is displayed in the Administration interface.

You can now use the Administration interface to edit the http-listener as needed.