Sun Java System Access Manager 7 2005Q4 Administration Guide

Procedure: To Configure a Secure Web Server

  1. In the Access Manager console, go to the Service Configuration module and select the Platform service. In the Server List attribute, remove the http:// protocol, and add the https:// protocol. Click Save.


    Note –

    Be sure to click Save. If you don’t, you will still be able to proceed with the following steps, but all configuration changes you have made will be lost and you will not be able to log in as administrator to fix it.


    Steps 2 through 24 describe the Web Server.

  2. Log on to the Web Server console. The default port is 8888.

  3. Select the Web Server instance on which Access Manager is running, and click Manage.

    This displays a pop-up window explaining that the configuration has changed. Click OK.

  4. Click the Apply button located in the top right corner of the screen.

  5. Click Apply Changes.

    The Web Server should automatically restart. Click OK to continue.

  6. Stop the selected Web Server instance.

  7. Click the Security Tab.

  8. Click on Create Database.

  9. Enter the new database password and click OK.

    Ensure that you write down the database password for later use.

  10. Once the Certificate Database has been created, click on Request a Certificate.

  11. Enter the data in the fields provided in the screen.

    The Key Pair File Password is the same password you entered in Step 9. In the location field, you will need to spell out the location completely. Abbreviations, such as CA, will not work. All of the fields must be defined. In the Common Name field, provide the hostname of your Web Server.

  12. Once the form is submitted, you will see a message such as:


    -----BEGIN CERTIFICATE REQUEST-----
    afajsdllwqeroisdaoi234rlkqwelkasjlasnvdknbslajowijalsdkjfalsdflasdf
    alsfjawoeirjoi2ejowdnlkswnvnwofijwoeijfwiepwerfoiqeroijeprwpfrwl
    -----END CERTIFICATE REQUEST-----
    
                   
  13. Copy this text and submit it for the certificate request.

    Ensure that you get the Root CA certificate.

  14. You will receive a certificate response containing the certificate, such as:


    -----BEGIN CERTIFICATE-----
    afajsdllwqeroisdaoi234rlkqwelkasjlasnvdknbslajowijalsdkjfalsdflasdf
    alsfjawoeirjoi2ejowdnlkswnvnwofijwoeijfwiepwerfoiqeroijeprwpfrwl
    -----END CERTIFICATE-----
    
                   
  15. Copy this text into your clipboard, or save the text into a file.

  16. Go to the Web Server console and click on Install Certificate.

  17. Click on Certificate for this Server.

  18. Enter the Certificate Database password in the Key Pair File Password field.

  19. Paste the certificate into the provided text field, or check the radio button and enter the filename in the text box. Click Submit.

    The browser will display the certificate, and provide a button to add the certificate.

  20. Click Install Certificate.

  21. Click Certificate for Trusted Certificate Authority.

  22. Install the Root CA Certificate in the same manner described in steps 16 through 21.

  23. Once you have completed installing both certificates, click on the Preferences tab in the Web Server console.

  24. Select Add Listen Socket if you wish to have SSL enabled on a different port. Then, select Edit Listen Socket.

  25. Change the security status from Disabled to Enabled, and click OK to submit the changes. Then click Apply and Apply Changes.

    Steps 26–29 apply to Access Manager.

  26. Open the AMConfig.properties file. By default, the location of this file is /etc/opt/SUNWam/config.

  27. Replace all occurrences of the http:// protocol with https://, except for the Web Server Instance Directory. This is also specified in AMConfig.properties, but must remain the same.

  28. Save the AMConfig.properties file.

  29. In the Web Server console, click the ON/OFF button for the Access Manager hosting web server instance.

    The Web Server displays a text box in the Start/Stop page.

  30. Enter the Certificate Database password in the text field and select Start.
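
A post-edit check for steps 26 through 28, as an added example that is not part of the original guide: it lists properties that still point at http and flags values damaged by a blanket search-and-replace (httpss), which matters for entries that must stay unchanged. The property names, paths and file content below are constructed assumptions; pass the real name of the instance directory property in keep_unchanged.

```python
import re

# Constructed sample of an AMConfig.properties file after a hurried edit.
# Key names and values are illustrative assumptions, not from a real install.
SAMPLE = """\
# constructed sample
example.server.protocol=http
example.naming.url=https://am.example.com:443/amserver/namingservice
example.notification.url=http://am.example.com:80/amserver/notificationservice
example.webserver.instance.dir=/opt/example/httpss-am.example.com
example.console.host=am.example.com
"""

PLAIN_URL = re.compile(r"http://", re.IGNORECASE)
OVER_REPLACED = re.compile(r"httpss", re.IGNORECASE)


def parse_properties(text):
    """Yield (line_number, key, value) for simple key=value lines."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            yield number, key.strip(), value.strip()


def audit(text, keep_unchanged=()):
    """Return (line_number, key, reason) for every value that needs attention."""
    findings = []
    for number, key, value in parse_properties(text):
        if OVER_REPLACED.search(value):
            # Damage from replacing "http" inside a value that already said "https".
            findings.append((number, key, "over-replaced (httpss)"))
        elif key in keep_unchanged:
            continue  # entry the guide says must remain the same
        elif PLAIN_URL.search(value):
            findings.append((number, key, "still http:// URL"))
        elif value.lower() == "http":
            findings.append((number, key, "protocol still http"))
    return findings


if __name__ == "__main__":
    for number, key, reason in audit(SAMPLE, ("example.webserver.instance.dir",)):
        print(f"line {number}: {key}: {reason}")
```

An empty result means no property was left on http and no value shows over-replacement; the parser handles plain key=value lines only, not line continuations.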