Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

Procedure: To Import the Root Certificate to the Web Server 2 JDK Certificate Store

Before You Begin

Copy ca.cer, the same CA root certificate used in 4.3 Enabling Secure Communication for the Directory Server User Data Instances, to the /export/WS7 directory on the da-2 host machine. It is imported from there into the JDK certificate store (cacerts) in the steps that follow.

  1. As the root user, log into the da-2 host machine.

  2. Import ca.cer into cacerts, the certificate store.


    # /opt/SUNWwbsvr/jdk/jre/bin/keytool -import \
    -trustcacerts -alias OpenSSLTestCA -file /export/WS7/ca.cer \
    -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts \
    -storepass changeit
    
    Owner: EMAILADDRESS=nobody@nowhere.com, CN=openssltestca, 
    OU=am, O=sun, L=santa clara, ST=california, C=us
    Issuer: EMAILADDRESS=nobody@nowhere.com, CN=openssltestca, 
    OU=am, O=sun, L=santa clara, ST=california, C=us
    Serial number: f59cd13935f5f498
    Valid from: Thu Sep 20 11:41:51 PDT 2008 until: 
     Thu Jun 17 11:41:51 PDT 2010
    Certificate fingerprints:
     MD5:  78:7D:F0:04:8A:5B:5D:63:F5:EC:5B:21:14:9C:8A:B9
     SHA1: A4:27:8A:B0:45:7A:EE:16:31:DC:E5:32:46:61:9E:B8:A3:20:8C:BA
    
    Trust this certificate? [no]: yes
    
    Certificate was added to keystore
  3. (Optional) Verify that the root certificate was successfully imported.


    # /opt/SUNWwbsvr/jdk/jre/bin/keytool -list \
    -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts \
    -storepass changeit | grep -i open
    
    openssltestca, Jul 1, 2008, trustedCertEntry
  4. Restart the Web Server instance.


    # su da80adm
    # cd /opt/SUNWwbsvr/https-da-2.example.com/bin
    # ./stopserv ; ./startserv
    
    server has been shutdown
    
    Sun Java System Web Server 7.0U2 B12/09/2008 09:02
    info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.5.0_12]
    from [Sun Microsystems Inc.]
    info: HTTP3072: http-listener-1: http://da-2.example.com:1080 ready to
    accept requests
    info: HTTP3072: http-listener-2: https://da-2.example.com:1443 ready to
    accept requests
    info: CORE3274: successful server startup
  5. Log out of the da-2 host machine.
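The "Trust this certificate? [no]:" prompt in step 2 is the point at which the fingerprints keytool prints should be compared with the value the CA published out of band; answering yes without that comparison trusts whatever file happens to be at /export/WS7/ca.cer. The following script is an added example, not part of the Sun guide: it makes that comparison before importing (using -noprompt in place of the interactive answer) and then runs the step 3 check. Paths and alias are the guide's; EXPECTED_SHA1 reuses the fingerprint shown in the step 2 output as a stand-in for the CA's published value.

```shell
#!/bin/sh
# Added example, not from the Sun guide: import a CA root certificate into the
# JDK cacerts store only when its SHA1 fingerprint matches the value published
# by the CA, instead of answering the interactive "Trust this certificate?".
# Paths mirror the guide; EXPECTED_SHA1 is the fingerprint the guide's keytool
# output shows and stands in for the value obtained from the CA out of band.
KEYTOOL=${KEYTOOL:-/opt/SUNWwbsvr/jdk/jre/bin/keytool}
CACERTS=${CACERTS:-/opt/SUNWwbsvr/jdk/jre/lib/security/cacerts}
CA_FILE=${CA_FILE:-/export/WS7/ca.cer}
CA_ALIAS=${CA_ALIAS:-OpenSSLTestCA}
STOREPASS=${STOREPASS:-changeit}   # JDK default password; change it in production
EXPECTED_SHA1="A4:27:8A:B0:45:7A:EE:16:31:DC:E5:32:46:61:9E:B8:A3:20:8C:BA"

# Normalize a fingerprint (drop colons and spaces, upper-case) so that values
# copied from different tools compare equal.
norm_fp() {
  printf '%s' "$1" | tr -d ': ' | tr '[:lower:]' '[:upper:]'
}

# Succeed only when two fingerprints are identical after normalization.
fp_matches() {
  [ "$(norm_fp "$1")" = "$(norm_fp "$2")" ]
}

# Read the SHA1 fingerprint of a certificate file from keytool -printcert.
cert_sha1() {
  "$KEYTOOL" -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA1:[[:space:]]*//p'
}

# Import the CA (non-interactively, via -noprompt) only after the check passes.
import_ca() {
  actual=$(cert_sha1 "$CA_FILE") || return 1
  if ! fp_matches "$actual" "$EXPECTED_SHA1"; then
    echo "fingerprint mismatch for $CA_FILE: got ${actual:-none}" >&2
    return 1
  fi
  "$KEYTOOL" -import -noprompt -trustcacerts -alias "$CA_ALIAS" \
    -file "$CA_FILE" -keystore "$CACERTS" -storepass "$STOREPASS"
}

# Verify the alias is now a trustedCertEntry (the guide's optional step 3).
verify_ca() {
  "$KEYTOOL" -list -keystore "$CACERTS" -storepass "$STOREPASS" \
    -alias "$CA_ALIAS" | grep -q trustedCertEntry
}

# Run the whole procedure only when invoked as: sh import-ca.sh run
if [ "${1:-}" = "run" ]; then
  import_ca && verify_ca
fi
```

Run it as the root user on da-2 with `sh import-ca.sh run`; a non-zero exit means the certificate was not imported, and the Web Server restart in step 4 is still required afterwards.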