With the property com.sun.am.trust_server_certs set to true, the web agent does not perform certificate checking. Setting this property to false is one of the steps involved in enabling the web agent to perform certificate checking as illustrated in the following task.
Set the following property in the web agent AMAgent.properties configuration file to false as follows:
com.sun.am.trust_server_certs = false
Set the directory Cert DB as described in the substeps that follow:
Create a directory named cert.
The best practice is to create this folder in the following directory:
PolicyAgent-base/AgentInstance-Dir/
The following is a feasible example of the full path to the cert directory:
/usr/local/webagents/apache22_agent/Agent_001/cert
For more information about the directory structure, see Inside the Web Agent Base Directory.
In the web agent AMAgent.properties configuration file, set the path to the cert directory.
The following example, includes the property, com.sun.am.sslcert.dir, and the value:
com.sun.am.sslcert.dir = PolicyAgent-base/AgentInstance-Dir/cert
Set the Cert DB Prefix, if required.
In cases where the specified Cert DB directory has multiple certificate databases, the following property must be set to the prefix of the certificate database to be used:
com.sun.am.certdb.prefix
Set the property as follows:
com.sun.am.certdb.prefix = https-host.domain.com.host- |
Save and close the web agent AMAgent.properties configuration file.