How to Set up a Secure Instance of an iPlanet Web Server (iPlanet Web Server 6.0) (Sun Cluster 3.0 12/01 Data Services Installation and Configuration Guide)

Sun Cluster 3.0 12/01 Data Services Installation and Configuration Guide

How to Set up a Secure Instance of an iPlanet Web Server (iPlanet Web Server 6.0)

Any certificates that are installed for a secure instance of an iPlanet Web Server must be installed from all cluster nodes. The following procedure involves running the admin console on each node.

Determine the iPlanet Web Server release that you use.

If you use iPlanet Web Server 6.0, proceed to the next step.

If you use iPlanet Web Server 5.0, see "How to Set up a Secure Instance of an iPlanet Web Server (iPlanet Web Server 5.0)".

Ensure that you are installing a secure instance of iPlanet Web Server.

If you are not installing a secure instance of iPlanet Web Server, proceed to "How to Configure an iPlanet Web Server".

Run the administrative server on node1.

From your web browser, connect to the administrative server as http://node1.domain:port.

For example, http://phys-schost-1.eng.sun.com:8888.

Use the port number that you specified as the administrative server port during installation. The default port number is 8888.

Install the certificate on node1.

This installation creates three certificate files. One file, secmod.db, is common to all nodes, and the other two are specific to node1. These files are located in the alias subdirectory, under the directory in which the iPlanet Web Server files are installed.

If you installed iPlanet Web Server on a cluster file system, complete the following tasks. If you installed iPlanet Web Server on a local file system, go to Step 5.

Note the location and file names for the three files created when installing the certificate in Step 5.

For example, if you installed iPlanet Web Server in /global/iws/servers, and you used the IP address IPx when installing the certificate, then the paths to the files on node1 would be as follows.

/global/iws/servers/alias/secmod.db

/global/iws/servers/alias/https-IPx-node1-cert7.db

/global/iws/servers/alias/https-IPx-node1-key3.db

Create symbolic links for all of the other cluster nodes to the node-specific files for node1.

In the following example, substitute the appropriate file paths for your system.

ln -s /global/iws/servers/alias/https-IPx-node1-cert7.db
        /global/iws/servers/alias/https-IPx-node2-cert7.db 
ln -s /global/iws/servers/alias/https-IPx-node1-key3.db
        /global/iws/servers/alias/https-IPx-node2-key3.db

If you installed iPlanet Web Server on a local file system, complete the following tasks.

Note the location and file names for the three files created on node1 when installing the certificate in Step 3.

For example, if you installed iPlanet Web Server in /local/iws/servers, and you used the IP address IPx when installing the certificate, then the paths to the files on node1 would be as follows.

/local/iws/servers/alias/secmod.db

/local/iws/servers/alias/https-IPx-node1-cert7.db

/local/iws/servers/alias/https-IPx-node1-key3.db

Move the three certificate files to a location on the cluster file system.

In the following example, substitute the appropriate file paths for your system.

mv /local/iws/servers/alias/secmod.db
     /global/secure/secmod.db
mv /local/iws/servers/alias/https-IPx-node1-cert7.db 
     /global/secure/https-IPx-node1-cert7.db
mv /local/iws/servers/alias/https-IPx-node1-key3.db 
     /global/secure/https-IPx-node1-key3.db

Create symbolic links between the local and global paths of the three certificate files.

Create the symbolic links on each cluster node.

In the following example, substitute the appropriate file paths for your system.

Symbolic links for node1
ln -s /global/secure/secmod.db
        /local/iws/servers/alias/secmod.db 
ln -s /global/secure/https-IPx-node1-cert7.db
        /local/iws/servers/alias/https-IPx-node1-cert7.db
ln -s /global/secure/https-IPx-node1-key3.db
        /local/iws/servers/alias/https-IPx-node1-key3.db 

Symbolic links for node2
ln -s /global/secure/secmod.db
        /local/iws/servers/alias/secmod.db 
ln -s /global/secure/https-IPx-node1-cert7.db
        /local/iws/servers/alias/https-IPx-node2-cert7.db 
ln -s /global/secure/https-IPx-node1-key3.db
        /local/iws/servers/alias/https-IPx-node2-key3.db

Proceed to "How to Configure an iPlanet Web Server".