Sun ONE Identity Server Administration Guide



Appendix A   Configuring Identity Server in SSL Mode


Using Secure Sockets Layer (SSL) with simple authentication guarantees confidentiality and data integrity.

Identity Server is capable of simultaneous SSL and non-SSL communications. This means that you do not have to choose between SSL or non-SSL communications; you can use both at the same time.

To configure Identity Server in SSL mode, follow these steps:

  1. In the Identity Server console, click on the Properties arrow for the top-level organization (created during installation).

    The Organization Properties window will display in the Data pane.

  2. In the Full DNS Name attribute, change the protocol from http:// to https://.

  3. Click Save to save the changes.

  4. In the Identity Server console, go to the Service Configuration module and select the Platform service. In the Server List attribute, remove the http:// protocol, and add the https:// protocol. Click Save.

  5. Log on to the Sun ONE Web Server console. The default port is 58888.

  6. Select the Web Server instance on which Identity Server is running, and click Manage.

    This displays a pop-up window explaining that the configuration has changed. Click OK.

  7. Click the Apply button located in the top right corner of the screen.

  8. Click Apply Settings.

    The Web Server should automatically restart. Click OK to continue.

  9. Stop the selected Web Server instance.

  10. Click the Security Tab.

  11. Click on Create Database.

  12. Enter the new database password and click OK.

    Ensure that you write down the database password for later use.

  13. Once the Certificate Database has been created, click on Request a Certificate.

  14. Enter the data in the fields provided in the screen.

    The Key Pair File Password is the same password you entered in Step 12. In the Location field, spell out the location completely. Abbreviations, such as CA, will not work.

  15. Once the form is submitted, you will see a message such as:



    -----BEGIN CERTIFICATE REQUEST-----
    afajsdllwqeroisdaoi234rlkqwelkasjlasnvdknbslajowijalsdkjfalsdflasdf
    alsfjawoeirjoi2ejowdnlkswnvnwofijwoeijfwiepwerfoiqeroijeprwpfrwl
    -----END CERTIFICATE REQUEST-----

  16. Copy this text and submit it for the certificate request.

    Ensure that you get the Root CA certificate.

  17. You will receive a certificate response containing the certificate, such as:


    -----BEGIN CERTIFICATE-----
    afajsdllwqeroisdaoi234rlkqwelkasjlasnvdknbslajowijalsdkjfalsdflasdf
    alsfjawoeirjoi2ejowdnlkswnvnwofijwoeijfwiepwerfoiqeroijeprwpfrwl
    -----END CERTIFICATE-----

  18. Copy this text into your clipboard, or save the text into a file.

  19. Go to the Web Server console and click on Install Certificate.

  20. Click on Certificate for this Server.

  21. Enter the Certificate Database password in the Key Pair File Password field.

  22. Paste the certificate into the provided text field, or check the radio button and enter the filename in the text box. Click Submit.

    The browser will display the certificate, and provide a button to add the certificate.

  23. Click Install Certificate.

  24. Click Certificate for Trusted Certificate Authority.

  25. Install the Root CA Certificate in the same manner described in Step 19 through Step 24.

  26. Once you have completed installing both certificates, click on the Preferences tab in the Web Server console.

  27. Select Add Listen Socket and then Edit Listen Socket.

  28. Change the security status from Off to On, and click OK to submit the changes.

  29. Open the AMConfig.properties file. By default, the location of this file is /opt/SUNWam/lib.

  30. Replace all occurrences of the http:// protocol with https://, except for the Web Server Instance Directory. This is also specified in AMConfig.properties, but must remain the same.

  31. Save the AMConfig.properties file.

  32. In the Web Server console, click the ON/OFF button for the web server instance that hosts Identity Server.

    The Web Server displays a text box in the Start/Stop page.

  33. Enter the Certificate Database password in the text field and select Start.
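
The AMConfig.properties edit in Steps 29 through 31 can be scripted and then checked for leftover cleartext URLs, as in this added example (it is not part of the original guide or of Identity Server). The property names, host name and paths in the sample are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example for Steps 29-31. Keys, host and paths below are constructed
# placeholders, not the real contents of AMConfig.properties.

# Write a constructed sample properties file to the path given in $1.
make_sample() {
    cat > "$1" <<'EOF'
# sample only, see http://docs.example.com/ssl
example.naming.url=http://ids.example.com:8080/service/naming
example.notify.url=http://ids.example.com:8080/service/notify
example.webserver.instance.dir=/opt/example/https-ids.example.com
EOF
}

# Print (with line numbers) property lines that still hold an http:// URL.
# Comment lines, which start with # or !, are not reported.
remaining_http() {
    grep -n 'http://' "$1" | grep -v '^[0-9]*:[[:space:]]*[#!]' || true
}

# Count of the lines reported by remaining_http.
count_remaining() {
    remaining_http "$1" | wc -l | tr -d ' '
}

# Step 30: replace http:// with https:// on property lines, keeping the
# original as <file>.bak. Only the literal "http://" is matched, so a
# file-system path such as the instance directory stays as it is.
to_https() {
    cp -p "$1" "$1.bak" || return 1
    sed '/^[[:space:]]*[#!]/!s|http://|https://|g' "$1.bak" > "$1"
}

# Demonstration on the constructed sample.
demo() {
    f=$(mktemp) || return 1
    make_sample "$f"
    echo "cleartext URLs before: $(count_remaining "$f")"
    to_https "$f"
    echo "cleartext URLs after:  $(count_remaining "$f")"
    cat "$f"
    rm -f "$f" "$f.bak"
}
demo
```

A non-zero count from count_remaining after the edit means at least one property still points at the non-SSL listener.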


Copyright 2002   Sun Microsystems, Inc. All rights reserved.

Last Updated December 04, 2002