By default, an agent installed on a remote Web Server 7.0 instance trusts any server certificate presented over SSL by the OpenSSO Enterprise host. The web agent does not check the root CA certificate. If the OpenSSO Enterprise host is SSL-enabled and you want the Web Server 7.0 agent to perform certificate checking, you can disable this default trust-all behavior.
In the Web Server 7.0 agent's OpenSSOAgentBootstrap.properties file, set the following properties, depending on the requirements for your deployment.
Note: These properties have new names for version 3.0 web agents.
Disable the option to trust any server certificate sent over SSL by the OpenSSO Enterprise host:
com.sun.identity.agents.config.trust.server.certs = false
Set the certificate database directory. For example:
com.sun.identity.agents.config.sslcert.dir = /var/opt/SUNWwbsvr7/https-agent-host.example.com/config
If the certificate database directory has multiple certificate databases, set the following property to the prefix of the database you want to use. For example:
com.sun.identity.agents.config.certdb.prefix = https-agent-host.example.com.host-
Set the certificate database password:
com.sun.identity.agents.config.certdb.password = password
Set the certificate database alias:
com.sun.identity.agents.config.certificate.alias = alias-name
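The following audit script is an added example, not part of the original documentation or of OpenSSO. It reads an OpenSSOAgentBootstrap.properties file and reports when the agent is still in the trust-all state or when the certificate database settings above are missing. The function names parse_properties and audit are hypothetical, and the script assumes the file uses "key = value" lines with "#" comments and that the directory, password and alias are all needed once checking is enabled.

```python
import os

P = "com.sun.identity.agents.config."

def parse_properties(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    trust = props.get(P + "trust.server.certs")
    if trust is None or trust.lower() != "false":
        # Unset counts as a finding: the default is to trust any certificate.
        findings.append("trust.server.certs is %r: agent accepts any server certificate" % trust)
        return findings
    # Assumption of this example: with checking on, these three must be set.
    for name in ("sslcert.dir", "certdb.password", "certificate.alias"):
        if not props.get(P + name):
            findings.append(name + " is not set")
    cert_dir = props.get(P + "sslcert.dir")
    if cert_dir and not os.path.isdir(cert_dir):
        findings.append("sslcert.dir does not exist: " + cert_dir)
    elif cert_dir:
        # The prefix selects one database when the directory holds several.
        prefix = props.get(P + "certdb.prefix", "")
        if not any(f.startswith(prefix) for f in os.listdir(cert_dir)):
            findings.append("no file in sslcert.dir starts with certdb.prefix %r" % prefix)
    return findings

# Constructed sample: an agent left in the default, trust-all state.
SAMPLE = """\
# OpenSSOAgentBootstrap.properties (constructed excerpt)
com.sun.identity.agents.config.trust.server.certs = true
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for finding in audit(parse_properties(text)):
        print("FINDING:", finding)
```

Run it with the path to the bootstrap file as the only argument; the password value is checked for presence only and is never printed.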