Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Generating Self-Signed Certificates

You need to generate certificates for SSL communication between each server and the Gateway.

To Generate a Self-Signed Certificate After Installation

  1. As root, run the certadmin script on the Gateway machine for which you want to generate a certificate:


    portal-server-install-root/SUNWportal/bin/certadmin -n gateway-profile-name
    

    The certificate administration menu is displayed.


    1) Generate Self-Signed Certificate
    2) Generate Certificate Signing Request (CSR)
    3) Add Root CA Certificate
    4) Install Certificate From Certificate Authority (CA)
    5) Delete Certificate
    6) Modify Trust Attributes of Certificate (e.g., for PDC)
    7) List Root CA Certificates
    8) List All Certificates
    9) Print Certificate Content
    10) Quit
    choice: [10]
    1
    
  2. Choose option 1 on the certificate administration menu.

    The certificate administration script asks you if you want to keep the existing database files.

  3. Enter organization-specific information, token name, and the certificate name.


    Note –

    For a wildcard certificate, specify a * in the fully-qualified DNS name of the host. For example, if the fully-qualified DNS name of the host is abc.sesta.com, specify it as *.sesta.com. The certificate that is generated is now valid for all host names in the sesta.com domain.



    What is the fully-qualified DNS name of this host? [host_name.domain_name]
    What is the name of your organization (ex: Company)? []
    What is the name of your organizational unit (ex: division)? []
    What is the name of your City or Locality? []
    What is the name (no abbreviation please) of your State or Province? []
    What is the two-letter country code for this unit? []
    Token name is needed only if you are not using the default internal 
    (software) cryptographic module, for example, if you want to use a crypto card 
    (Token names could be listed using:
    modutil -dbdir /etc/opt/SUNWportal/cert/gateway-profile-name -list);
    Otherwise, just hit Return below.
    Please enter the token name. []
    Enter the name you like for this certificate?
    Enter the validity period for the certificate (months) [6]

    A self-signed certificate is generated and the prompt returns.

    The token name (default being empty) and certificate name are stored in the .nickname file under /etc/opt/SUNWportal/cert/gateway-profile-name.

  4. Restart the Gateway for the certificate to take effect:


    ./psadmin start-sra-instance -u amadmin -f passwordfile -N profilename -t gateway
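
The wildcard note in step 3 can be checked against how TLS clients match names: under RFC 6125 the `*` stands for exactly one leftmost label, so `*.sesta.com` covers `abc.sesta.com` but not `sesta.com` itself or `a.b.sesta.com`. The shell function below is an added example, not part of this guide or of the certadmin script; the name `wildcard_covers` and every host name other than abc.sesta.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a certificate name (possibly a wildcard)
# covers a host name, using RFC 6125 style matching.
# wildcard_covers is a hypothetical helper, not a Portal Server command.

# wildcard_covers PATTERN HOST -> exit status 0 if HOST is covered
wildcard_covers() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # DNS names are case-insensitive
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    host=${host%.}                                 # ignore a trailing root dot

    case $pattern in
        \*.*)
            suffix=${pattern#\*}                   # e.g. ".sesta.com"
            # Conservative choice in this sketch: refuse "*.com" style names
            case ${suffix#.} in *.*) ;; *) return 1 ;; esac
            case $host in
                *"$suffix") ;;                     # host must end in the suffix
                *) return 1 ;;
            esac
            label=${host%"$suffix"}                # the part "*" has to match
            [ -n "$label" ] || return 1            # nothing left for "*"
            case $label in
                *.*) return 1 ;;                   # "*" never spans two labels
            esac
            return 0
            ;;
        *\**) return 1 ;;                          # partial-label wildcards rejected here
        *) [ "$pattern" = "$host" ] ;;             # no wildcard: exact match only
    esac
}

# Constructed sample host names checked against the name from the note
for h in abc.sesta.com mail.sesta.com sesta.com a.b.sesta.com; do
    if wildcard_covers '*.sesta.com' "$h"; then
        echo "$h: covered"
    else
        echo "$h: NOT covered"
    fi
done
```

If the Gateway must also answer on the bare domain or on deeper subdomains, those names need their own certificate; the wildcard entry alone will fail host name verification for them.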