The Certificate Authority (CA) root certificate enables the J2EE policy agent to trust the certificate presented by the Access Manager Load Balancer 3, and to establish trust in the certificate chain that runs from the CA to that certificate. Import the same CA root certificate that was used in "To Import a Certificate Authority Root Certificate on the Access Manager Load Balancer".
This procedure assumes you have just completed "To Configure the J2EE Policy Agent 1 for SSL Communication". In this example, the CA root certificate file is /export/software/ca.cer.
Change to the directory where the cacerts keystore is located.
# cd /usr/local/bea/jdk150_04/jre/lib/security
Back up cacerts before you modify it.
Import the root certificate.
# /usr/local/bea/jdk150_04/bin/keytool -import -trustcacerts -alias OpenSSLTestCA -file /export/software/ca.cer -keystore /usr/local/bea/jdk150_04/jre/lib/security/cacerts -storepass changeit
Owner: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun, O=Sun, L=Santa Clara, ST=California, C=US
Issuer: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun, O=Sun, L=Santa Clara, ST=California, C=US
Serial number: 97dba0aa26db6386
Valid from: Tue Apr 18 07:55:19 PDT 2006 until: Tue Jan 13 06:55:19 PST 2009
Certificate fingerprints:
    MD5: 9F:57:ED:B2:F2:88:B6:E8:0F:1E:08:72:CF:70:32:06
    SHA1: 31:26:46:15:C5:12:5D:29:46:2A:60:A1:E5:9E:28:64:36:80:E4:70
Trust this certificate? [no]: yes
Certificate was added to keystore
Verify that the certificate was successfully added to the keystore.
# /usr/local/bea/jdk150_04/bin/keytool -list -keystore /usr/local/bea/jdk150_04/jre/lib/security/cacerts -storepass changeit | grep -i openssl
openssltestca, Sept 19, 2007, trustedCertEntry,
Restart the Application Server 1 administration server and managed instance.
Change to the bin directory.
# cd /usr/local/bea/user_projects/domains/ProtectedResource-1/bin
Stop the managed instance.
# ./stopManagedWebLogic.sh ApplicationServer-1 t3://localhost:7001
Stop the administration server.
# ./stopWebLogic.sh
Start the administration server.
# ./startWebLogic.sh &
Start the managed instance.
# ./startManagedWebLogic.sh ApplicationServer-1 t3://localhost:7001 &
Log out of the ProtectedResource-1 host machine.
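
The backup, import and verify steps above can be scripted so that the certificate is trusted only after its SHA1 fingerprint matches a value obtained from the CA out of band, instead of answering yes at the prompt. This is an added example, not part of the original procedure; the function names, the --import switch and the cacerts.bak backup name are assumptions, while the paths, alias and password are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the original guide. Paths, alias and password are the
# ones shown on this page; the expected fingerprint is assumed to come from the
# CA administrator out of band.
KEYTOOL=/usr/local/bea/jdk150_04/bin/keytool
CACERTS=/usr/local/bea/jdk150_04/jre/lib/security/cacerts
CA_FILE=/export/software/ca.cer
ALIAS=OpenSSLTestCA
STOREPASS=changeit

# Read keytool output on stdin and print its SHA1 fingerprint as
# upper-case hex without colons (empty output if none is found).
sha1_from_keytool() {
    sed -n 's/^[[:space:]]*SHA1:[[:space:]]*\([0-9A-Fa-f:]*\).*$/\1/p' |
        head -n 1 | tr -d ':' | tr 'abcdef' 'ABCDEF'
}

# Normalize a fingerprint typed by an operator (colons, spaces, any case).
normalize_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'abcdef' 'ABCDEF'
}

# Succeeds only when the fingerprint in keytool output ($1) equals the expected one ($2).
fingerprint_matches() {
    actual=$(printf '%s\n' "$1" | sha1_from_keytool)
    [ -n "$actual" ] && [ "$actual" = "$(normalize_fp "$2")" ]
}

# Check the fingerprint, back up cacerts (hypothetical .bak name), import, verify.
import_ca_checked() {
    expected=$1
    printed=$("$KEYTOOL" -printcert -file "$CA_FILE") || return 1
    if ! fingerprint_matches "$printed" "$expected"; then
        echo "fingerprint mismatch for $CA_FILE, not importing" >&2
        return 1
    fi
    cp -p "$CACERTS" "$CACERTS.bak" || return 1
    "$KEYTOOL" -import -noprompt -trustcacerts -alias "$ALIAS" -file "$CA_FILE" \
        -keystore "$CACERTS" -storepass "$STOREPASS" || return 1
    "$KEYTOOL" -list -keystore "$CACERTS" -storepass "$STOREPASS" | grep -i "^$ALIAS,"
}

# Run only when asked, so the functions can be sourced and tested without a JDK.
if [ "${1:-}" = "--import" ]; then
    import_ca_checked "$2"
fi
```

The -noprompt option suppresses the "Trust this certificate?" question, which is why the fingerprint comparison has to happen before the import is attempted.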