Import a Certificate Authority (CA) root certificate that enables the Distributed Authentication User Interface to trust the SSL certificate from the Access Manager Load Balancer 3, and establish trust with the certificate chain that is formed from the Certificate Authority to the certificate.
As a root user, log in to the AuthenticationUI–1 host machine.
Copy the CA root certificate into a directory.
Use the same root certificate installed in To Import a Certificate Authority Root Certificate on the Access Manager Load Balancer. In this example, the file is /export/software/ca.cer.
Import the CA root certificate into the Java keystore.
# /opt/SUNWwbsvr/jdk/jre/bin/keytool -import -trustcacerts -alias OpenSSLTestCA -file /export/software/ca.cer -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts -storepass changeit Owner: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun, O=Sun,L=Santa Clara, ST=California C=US Issuer: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun, O=Sun,L=Santa Clara, ST=California C=US Serial number: 97dba0aa26db6386 Valid from: Tue Apr 18 07:66:19 PDT 2006 until: Tue Jan 13 06:55:19 PST 2009 Certificate fingerprints: MD5: 9f:57:ED:B2:F2:88:B6:E8:0F:1E:08:72:CF:70:32:06 SHA1: 31:26:46:15:C5:12:5D:29:46:2A:60:A1:E5:9E:26:64:36:80:E4:70 Trust this certificate: [no] yes Certificate was added to keystore. |
Verify that the CA root certificate was imported into the keystore.
# /opt/SUNWwbsvr/jdk/jre/bin/keytool -list -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts -storepass changeit | grep -i open openssltestca, Nov 8, 2006, trustedCertEntry |
Restart the Web Server AuthenticationUI-1 instance.
# cd /opt/SUNWwbsvr/https-AuthenticationUI-1.example.com/bin # ./stopserv server has been shutdown # ./startserv Sun Java System Web Server 7.0 B12/04/2006 07:59 info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.5.0_09] from [Sun Microsystems Inc.] info: WEB0100: Loading web module in virtual server [AuthenticationUI-1.example.com] at [/distAuth] info: HTTP3072: http-listener-1: http://AuthenticationUI-1.example.com:1080 ready to accept requests info: CORE3274: successful server startup |
Log out of the AuthenticationUI–1 host machine.