Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Import the Certificate Authority Root Certificate into the Application Server 1 Keystore

The Certificate Authority (CA) root certificate enables the J2EE policy agent to trust the certificate from the Access Manager Load Balancer 3, and to establish trust with the certificate chain that is formed from the CA to the certificate. Import the same CA root certificate used in To Import a Certificate Authority Root Certificate on the Access Manager Load Balancer.

Before You Begin

This procedure assumes you have just completed To Configure the J2EE Policy Agent 1 for SSL Communication. In this example, the CA root certificate file is /export/software/ca.cer.

  1. Change to the directory where the cacerts keystore is located.


    # cd /usr/local/bea/jdk150_04/jre/lib/security
    

    Tip –

    Back up cacerts before you modify it.


  2. Import the root certificate.


    # /usr/local/bea/jdk150_04/bin/keytool -import \
      -trustcacerts -alias OpenSSLTestCA -file /export/software/ca.cer \
      -keystore /usr/local/bea/jdk150_04/jre/lib/security/cacerts \
      -storepass changeit
    
    Owner: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun,
     O=Sun, L=Santa Clara, ST=California, C=US 
    Issuer: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun,
     O=Sun, L=Santa Clara, ST=California, C=US 
    Serial number: 97dba0aa26db6386 
    Valid from: Tue Apr 18 07:55:19 PDT 2006 
     until: Tue Jan 13 06:55:19 PST 2009 
    Certificate fingerprints: 
    	MD5: 9F:57:ED:B2:F2:88:B6:E8:0F:1E:08:72:CF:70:32:06
    	SHA1: 31:26:46:15:C5:12:5D:29:46:2A:60:A1:E5:9E:28:64:36:80:E4:70 
    Trust this certificate? [no]: yes
    Certificate was added to keystore
  3. Verify that the certificate was successfully added to the keystore.


    # /usr/local/bea/jdk150_04/bin/keytool -list \
      -keystore /usr/local/bea/jdk150_04/jre/lib/security/cacerts \
      -storepass changeit | grep -i openssl
    
    openssltestca, Sept 19, 2007, trustedCertEntry,
  4. Restart the Application Server 1 administration server and managed instance.

    1. Change to the bin directory.


      # cd /usr/local/bea/user_projects/domains/ProtectedResource-1/bin
      
    2. Stop the managed instance.


      # ./stopManagedWebLogic.sh ApplicationServer-1 t3://localhost:7001
      
    3. Stop the administration server.


      # ./stopWebLogic.sh
      
    4. Start the administration server.


      # ./startWebLogic.sh &
      
    5. Start the managed instance.


      # ./startManagedWebLogic.sh ApplicationServer-1 t3://localhost:7001 &
      
  5. Log out of the ProtectedResource-1 host machine.
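
Steps 1 and 2 above ask the operator to back up cacerts and then answer "yes" to the trust prompt after reading the fingerprints by eye. The following added example (not part of the original guide) scripts that check: it compares the SHA1 fingerprint of the certificate file with a value obtained out-of-band from the CA administrator, backs up cacerts, and imports only on a match. The function names are hypothetical; the paths, alias and store password are the ones used in this procedure.

```shell
#!/bin/sh
# Added example: verify the CA certificate's SHA1 fingerprint before importing it.
# Paths are the ones used on this page; the function names are hypothetical.
KEYTOOL=/usr/local/bea/jdk150_04/bin/keytool
CACERTS=/usr/local/bea/jdk150_04/jre/lib/security/cacerts

# Strip colons and whitespace and upper-case the hex so fingerprints compare reliably.
fp_normalize() {
    printf '%s' "$1" | tr -d ':[:space:]' | tr 'a-f' 'A-F'
}

# Read keytool -printcert output on stdin and print the normalized SHA1 fingerprint.
sha1_from_keytool_output() {
    fp_normalize "$(sed -n 's/^[[:space:]]*SHA1:[[:space:]]*//p' | head -n 1)"
}

# import_verified_ca CERT_FILE ALIAS EXPECTED_SHA1
# Returns 1 on a fingerprint mismatch (keystore untouched), 2 if the backup fails.
import_verified_ca() {
    cert=$1
    entry=$2
    expected=$(fp_normalize "$3")
    actual=$("$KEYTOOL" -printcert -file "$cert" | sha1_from_keytool_output)
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $cert: got '$actual'" >&2
        return 1
    fi
    # Timestamped backup so the previous trust store can be restored.
    cp -p "$CACERTS" "$CACERTS.bak.$(date +%Y%m%d%H%M%S)" || return 2
    # -noprompt is safe here because the fingerprint was already checked above.
    "$KEYTOOL" -import -noprompt -trustcacerts -alias "$entry" -file "$cert" \
        -keystore "$CACERTS" -storepass changeit
}

# Run the import only when the script is given its three arguments, for example:
#   ./import_ca.sh /export/software/ca.cer OpenSSLTestCA <SHA1 from the CA administrator>
if [ "$#" -eq 3 ]; then
    import_verified_ca "$@"
fi
```

After a successful import, continue with steps 3 and 4 to confirm the entry and restart the servers.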