Sun Java System Portal Server 7.1 Configuration Guide

Procedure: To Convert Portal Server to the Secure Mode on Application Server 8.2

If you have already installed Directory Server, Access Manager, Web Server, and Portal Server on Application Server 8.2, use this procedure to convert the Portal Server installation to secure mode. In secure mode, communication between the user and Portal Server uses the HTTPS protocol.

  1. Install Directory Server, Access Manager, Web Server, Portal Server, and Application Server 8.2.

  2. Create a password file named password and specify in it the password that has been provided for Application Server.

  3. Create a certificate signing request.

    certutil -R -s "CN=HOSTNAME.domain-name,OU=People,O=Portal,L=Location,ST=State,C=Country" -o certreq.pem -g 512 -d /var/opt/SUNWappserver/domains/domain1/config -f password -a

    This command creates a certificate request in the certreq.pem file. The certutil utility is located in the /usr/sfw/bin directory.

  4. Send the certificate signing request to the CMS.

  5. Paste the contents of the approved certificate in an empty file on the Application Server machine.

    For example, the file name is servercert.pem.

  6. Add this certificate in the database.

    1. Change to the config directory of Application Server.

      cd /var/opt/SUNWappserver/domains/domain1/config

    2. Run the following command.

      certutil -A -n servercert -t "u,u,u" -d /var/opt/SUNWappserver/domains/domain1/config -a -i servercert.pem -f password

  7. Add the CMS root CA certificate to the database.

    certutil -A -n rootca -t "TCu,TCu,TCuw" -d /var/opt/SUNWappserver/domains/domain1/config -a -i path-to-cert -f password

  8. Log in to the administrator console of Application Server.

    https://hostname.domain-name:4849

  9. Click Configurations -> server-config -> HTTP Service -> HTTP Listeners -> http-listener-2.

    Perform the following tasks:

    • Verify that security is enabled.

    • Verify that the certificate nickname is servercert.

    • Enable SSL3.

    • Enable TLS.

    • Select the Cipher Suites option.

  10. Restart the Application Server.

  11. Log in to the Access Manager administrator console.

    http://host.domain-name:8080/amconsole

    1. Change success URLs to https://host.domain-name:8181/portal.

    2. In the Service Configuration, change the platform server list from http://host:8080|01 to https://host:8181|01.

  12. Open the AMConfig.properties file.

    The AMConfig.properties file is located in the AccessManager_base/SUNWam/lib directory.

  13. Change com.iplanet.am.server.protocol to https. Add com.sun.identity.liberty.authnsvc.url=https://host.domain-name:8181/amserver/Liberty/authnsvc.

    com.iplanet.am.server.protocol=https
    com.iplanet.am.server.host=host.domain-name
    com.iplanet.am.server.port=8181
    com.iplanet.am.console.protocol=https
    com.iplanet.am.console.host=host.domain-name
    com.iplanet.am.console.port=8181
    com.iplanet.am.profile.host=host.domain-name
    com.iplanet.am.profile.port=8181
    com.iplanet.am.naming.url=https://host.domain-name:8181/amserver/namingservice
    com.iplanet.am.notification.url=https://host.domain-name:8181/amserver/notificationservice
    com.sun.identity.liberty.interaction.wspRedirectHandler=https://host.domain-name:8181/amserver/WSPRedirectHandler
    com.sun.identity.loginurl=https://host.domain-name:8181/amserver/UI/Login
    com.sun.identity.liberty.authnsvc.url=https://host.domain-name:8181/amserver/Liberty/authnsvc

  14. Restart Directory Server, Access Manager, Application Server, and Portal Server.
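
One way to check the AMConfig.properties edits from step 13 before the restart in step 14, as an added example that is not part of the guide. The function names check_amconfig and sample_amconfig and the report labels are made up here, and the script assumes one key=value pair per line. It flags protocol, port and URL properties that are not HTTPS on port 8181, a value that was pasted onto its own line, and a missing com.sun.identity.liberty.authnsvc.url.

```shell
#!/bin/sh
# Added example, not from the guide. Assumes one key=value pair per line.
# Usage: check_amconfig FILE [SECURE_PORT]   (port defaults to 8181)
# Prints one line per problem; returns 0 only when no problem is found.
check_amconfig() {
    awk -v port="${2:-8181}" '
        function bad(why) { printf "%s: %s=%s\n", why, key, val; n++ }
        /^[ \t]*([#!]|$)/ { next }                 # comments and blank lines
        !index($0, "=") {                          # wrapped value pasted as its own line
            key = "line " NR; val = $0; bad("no-key"); next
        }
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            seen[key] = 1
        }
        key ~ /^com\.iplanet\.am\.(server|console)\.protocol$/ && val != "https" { bad("not-https") }
        key ~ /^com\.iplanet\.am\.(server|console|profile)\.port$/ && val != port { bad("wrong-port") }
        key ~ /\.(url|loginurl|wspRedirectHandler)$/ {
            if (val !~ /^https:\/\//) { bad("not-https"); next }
            auth = substr(val, 9); sub(/\/.*/, "", auth)   # host:port part of the URL
            if (auth !~ (":" port "$")) bad("wrong-port")
        }
        END {
            key = "com.sun.identity.liberty.authnsvc.url"; val = "(absent)"
            if (!(key in seen)) bad("missing")
            exit (n > 0)
        }
    ' "$1"
}

# Constructed sample with mistakes a partial or wrapped edit leaves behind.
sample_amconfig() {
    cat <<'EOF'
com.iplanet.am.server.protocol=https
com.iplanet.am.server.port=8181
com.iplanet.am.console.protocol=http
com.iplanet.am.console.port=8080
com.iplanet.am.naming.url=https://host.domain-name:8181/amserver/namingservice
com.sun.identity.loginurl=http://host.domain-name:8080/amserver/UI/Login
com.sun.identity.liberty.authnsvc.url=
https://host.domain-name:8181/amserver/Liberty/authnsvc
EOF
}
```

Run it as `check_amconfig AccessManager_base/SUNWam/lib/AMConfig.properties`; a nonzero exit status means at least one entry still needs fixing.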