As a root user, log in to the Federation Manager 1 host.
Locate the JAVAHOME directory and JDK keystore directory for the Federation Manager 1 web container.
# cd /opt/SUNWwbsvr/https-FederationManager-1.siroe.com/config
# view server.xml
Locate the JAVA javahome entry. In this deployment example, it looks like this:
<JAVA javahome="/usr/jdk/entsys-j2se"
To find the JDK keystore file, append the following to the javahome path:
/jre/lib/security
In this deployment example, the JDK keystore is in the following directory:
/usr/jdk/entsys-j2se/jre/lib/security
This directory contains the Federation Manager trusted CA files.
Obtain a copy of the Access Manager 1 root CA certificate.
You can obtain a copy from the certificate issuer, or you can copy the certificate stored on the Access Manager 1 host.
In this deployment example, the Access Manager 1 root CA certificate has already been copied to the following directory on Federation Manager 1:
/net/slapd/export/share/cacert
Import the Access Manager root CA certificate into the Federation Manager JDK keystore.
The alias rootCA represents the name of the root CA certificate you want to import.
# cd /usr/jdk/entsys-j2se/jre/lib/security
# keytool -import -keystore cacerts -alias rootCA -file /net/slapd/export/share/cacert
Enter keystore password: changeit
Owner: CN=Certificate Manager, OU=Identity Services, O=Sun Microsystems Inc., L=Santa Clara, ST=California, C=US
Issuer: CN=Certificate Manager, OU=Identity Services, O=Sun Microsystems, Inc., L=Santa Clara, ST=California, C=US
Serial number:320
Valid from Mon Aug 16 00:00:00 PDT 2004 until: Mon Aug 16 00:00:00 PDT 2032
Certificate fingerprints:
MD5: CD:07:DF:A6:CA:B9:AB:94:FF:CF:17:35:AB:C2:C2:51
SHA1:9A:B5:F7:54:DE:8A:BC:E9:F6:1D:F1:5B:71:46:72:9E:F0:4E:B8:7A
Trust this certificate? [no]: yes
Certificate was added to keystore.
To verify that the root CA certificate was successfully imported, run the list command:
# cd /usr/jdk/instances/jdk1.5.0/jre/lib/security
# keytool -list -keystore cacerts -alias rootCA -rfc
Enter keystore password: changeit
Alias name: rootCA
Creation date: Mar 9, 2007
Entry type: trustedCertEntry
The output ends with the PEM-encoded certificate, delimited by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
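The import step above asks you to trust the certificate after keytool displays its fingerprints. The following added example, which is not part of the original procedure, makes that check explicit: it imports the certificate only when its fingerprint matches a value obtained from the issuer through a separate channel. The function names and the KEYSTORE and ALIAS variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: import a root CA only after its fingerprint has been checked.

# Constructed sample of the fingerprint section keytool prints, using the
# values shown in the import step on this page.
SAMPLE_PRINTCERT='Certificate fingerprints:
     MD5:  CD:07:DF:A6:CA:B9:AB:94:FF:CF:17:35:AB:C2:C2:51
     SHA1: 9A:B5:F7:54:DE:8A:BC:E9:F6:1D:F1:5B:71:46:72:9E:F0:4E:B8:7A'

# Normalise a fingerprint: drop colons and whitespace, upper-case hex digits.
norm_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read keytool certificate text on stdin; print the normalised fingerprint
# for the algorithm label in $1 (SHA1 here; newer keytool also prints SHA256).
extract_fp() {
    fp=$(sed -n "s/^[[:space:]]*$1:[[:space:]]*\([0-9A-Fa-f:]*\).*/\1/p" | head -n 1)
    norm_fp "$fp"
}

# Succeed only if both fingerprints are non-empty and identical.
fp_matches() {
    a=$(norm_fp "$1"); b=$(norm_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# import_root_ca CERT_FILE EXPECTED_FP [ALG]
# KEYSTORE and ALIAS are assumed environment variables; keytool still
# prompts for the keystore password.
import_root_ca() {
    cert=$1; expected=$2; alg=${3:-SHA1}
    actual=$(keytool -printcert -file "$cert" | extract_fp "$alg")
    if ! fp_matches "$expected" "$actual"; then
        echo "fingerprint mismatch for $cert: not importing" >&2
        return 1
    fi
    # -noprompt skips the "Trust this certificate?" question, which the
    # comparison above has already answered.
    keytool -import -noprompt -keystore "${KEYSTORE:-cacerts}" \
        -alias "${ALIAS:-rootCA}" -file "$cert"
}
```

Run it from the keystore directory, for example `import_root_ca /net/slapd/export/share/cacert "<fingerprint from the issuer>"`. A missing or unparsable fingerprint is treated as a mismatch, so the import is refused rather than silently allowed.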