Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Import the Root CA Certificate into the Access Manager 2 Web Server

  1. Go to the Web Server administration URL:

    http://AccessManager-2.example.com:8888/https-admserv/bin/index

  2. Log in to the Web Server console using the following information:

    User name:

    admin

    Password:

    web4d4min

  3. On the Servers tab, select the server AccessManager-2.example.com, and then click Manage.

  4. Click on the Security tab, and then initialize the Trust Database by providing the following information:

    Database Password:

    password

    Password (again):

    password

    Click OK.

  5. In the left frame, click Install Certificate. In the Install a Server Certificate page, provide the following information:

    Certificate for:

    Choose Trusted Certificate Authority (CA)

    Message text (with headers):

    Choose this option, and then paste into the text box the root certificate you received from the CA. See To Request an SSL Certificate for the Distributed Authentication UI Load Balancer. The root certificate will look similar to this:


    -----BEGIN CERTIFICATE-----
    UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAU
    AMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0
    EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UEC
    xMlU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9u
    IEF1dGhvcml0eTAeFw0wMTA4MDIwMDAwMDBaFw0
    wMzA4MDIyMzU5NTlaMIGQMQswCQYDVQQGEwJVUz
    ERMA8GA1UECBMIVmlyZ2luaWExETAPBgNVBAcUC
    FJpY2htb25kMSAwHgYDVQQKFBdDYXZhbGllciBU
    ZWxlcGhvYm9uZGluZy5jYXZ0ZWwuY29tMIGfMA0
    GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8x/1dxo
    2YnblilQLmpiEziOqb7ArVfI1ymXo/MKcbKjnY2
    -----END CERTIFICATE-----

    Click OK.

  6. On the Add Trusted CA Certificate page, click Add Server Certificate.

  7. In the left frame, click Manage Certificates.

    In the list of certificates, you will see the certificate you just added. In this deployment example, the certificate name OpenSSLTestCA-Sun is displayed in the list.

    Close the browser.

  8. As a root user, log into the Access Manager 2 host.

  9. To verify that the certificate was imported properly, go to the following directory:


    /opt/SUNWwbsvr/alias

    In the directory listing, notice that the certificate filename is formed by joining the prefix https-AccessManager-1.example.com and the database file name cert8.db.


    # ls
    https-AccessManager-1.example.com-AccessManager-2-cert8.db
    https-AccessManager-1.example.com-AccessManager-2-key3.db
    https-AccessManager-2.example.com-cert8.db
    https-AccessManager-1.example.com-key3.db
    secmod.db

  10. Run the certutil list command, specifying the prefix from the certificate filename:


    # cd /opt/SUNWwbsvr/bin/https/admin/bin
    # ./certutil -L -d /opt/SUNWwbsvr/alias/ -P "https-AccessManager-2.example.com-"
    OpenSSLTestCA - Sun

    The OpenSSLTestCA - Sun certificate you imported is displayed.
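
Steps 9 and 10 scripted, as an added example that is not part of the original procedure: it derives each -P prefix from the *cert8.db file names in the alias directory and checks whether a given nickname appears in the certutil -L output for that prefix. The function names and the ALIAS_DIR and CERTUTIL variables are assumptions of this example; the paths are the ones shown in the steps above.

```sh
#!/bin/sh
# Added example (not from the original procedure). Paths are those in steps 9-10;
# the function and variable names are assumptions of this example.
ALIAS_DIR="${ALIAS_DIR:-/opt/SUNWwbsvr/alias}"
CERTUTIL="${CERTUTIL:-/opt/SUNWwbsvr/bin/https/admin/bin/certutil}"

# Print one -P prefix per line: each *cert8.db file name minus "cert8.db".
list_prefixes() {
    for f in "$1"/*cert8.db; do
        [ -f "$f" ] || continue        # glob matched nothing
        name=${f##*/}
        printf '%s\n' "${name%cert8.db}"
    done
}

# Succeed if the key database carrying the same prefix exists
# (certutil applies the -P prefix to both cert8.db and key3.db).
has_key_db() {
    [ -f "$1/$2key3.db" ]
}

# Succeed if NICKNAME ($3) appears in `certutil -L` output for DIR ($1), PREFIX ($2).
ca_is_listed() {
    "$CERTUTIL" -L -d "$1" -P "$2" </dev/null | grep -F -- "$3" >/dev/null
}

# check_alias_dir DIR NICKNAME: print one status line per certificate database.
check_alias_dir() {
    list_prefixes "$1" | while IFS= read -r p; do
        if has_key_db "$1" "$p"; then keydb=present; else keydb=missing; fi
        if ca_is_listed "$1" "$p" "$2"; then found=yes; else found=no; fi
        printf '%s key3.db=%s listed=%s\n' "$p" "$keydb" "$found"
    done
}

# Usage on the Access Manager 2 host, as root:
#   check_alias_dir "$ALIAS_DIR" "OpenSSLTestCA - Sun"
```

A prefix reported with listed=no means the CA was not found in that particular database, which is the case to catch when several server instances share one alias directory.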