Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Import the Access Manager Load Balancer Certificate Authority Root Certificate into Distributed Authentication User Interface 1

Import the Certificate Authority (CA) root certificate so that the Distributed Authentication User Interface trusts the SSL certificate presented by Access Manager Load Balancer 3 and can validate the certificate chain from the Certificate Authority down to that certificate.

  1. As a root user, log in to the AuthenticationUI-1 host machine.

  2. Copy the CA root certificate into a directory.

    Use the same root certificate that was installed in "To Import a Certificate Authority Root Certificate on the Access Manager Load Balancer". In this example, the file is /export/software/ca.cer.

  3. Import the CA root certificate into the Java keystore.


    # /opt/SUNWwbsvr/jdk/jre/bin/keytool -import -trustcacerts \
      -alias OpenSSLTestCA -file /export/software/ca.cer \
      -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts \
      -storepass changeit
    
    Owner: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun, 
    O=Sun,L=Santa Clara, ST=California C=US
    Issuer: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun, 
    O=Sun,L=Santa Clara, ST=California C=US
    Serial number: 97dba0aa26db6386
    Valid from: Tue Apr 18 07:66:19 PDT 2006 until: Tue Jan 13 06:55:19 
    PST 2009
    Certificate fingerprints:
         MD5: 9f:57:ED:B2:F2:88:B6:E8:0F:1E:08:72:CF:70:32:06
         SHA1: 31:26:46:15:C5:12:5D:29:46:2A:60:A1:E5:9E:26:64:36:80:E4:70
    Trust this certificate: [no] yes
    Certificate was added to keystore.

  4. Verify that the CA root certificate was imported into the keystore.


    # /opt/SUNWwbsvr/jdk/jre/bin/keytool -list \
      -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts \
      -storepass changeit | grep -i open
    
    openssltestca, Nov 8, 2006, trustedCertEntry

  5. Restart the Web Server AuthenticationUI-1 instance.


    # cd /opt/SUNWwbsvr/https-AuthenticationUI-1.example.com/bin
    # ./stopserv
    
    server has been shutdown
    
    # ./startserv
    
    Sun Java System Web Server 7.0 B12/04/2006 07:59
    info: CORE5076: Using [Java HotSpot(TM) Server VM, 
    Version 1.5.0_09] from [Sun Microsystems Inc.]
    info: WEB0100: Loading web module in virtual server 
    [AuthenticationUI-1.example.com] at [/distAuth]
    info: HTTP3072: http-listener-1: 
    http://AuthenticationUI-1.example.com:1080 
    ready to accept requests
    info: CORE3274: successful server startup

  6. Log out of the AuthenticationUI-1 host machine.