Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Adding a Root CA Certificate

If a client site presents a certificate signed by a CA that is unknown to the Gateway certificate database, the SSL handshake fails.

To prevent this, you need to add a root CA certificate to the certificate database. This ensures that the CA becomes known to the Gateway.

Browse to the CA’s website and obtain the root certificate for that CA. When you use the certadmin script, specify the file name and path of the root CA certificate.

Procedure: To Add a Root CA Certificate

  1. As root, run the certadmin script.

    portal-server-install-root/SUNWportal/bin/certadmin -n gateway-profile-name

    The certificate administration menu is displayed.

    1) Generate Self-Signed Certificate
    2) Generate Certificate Signing Request (CSR)
    3) Add Root CA Certificate
    4) Install Certificate From Certificate Authority (CA)
    5) Delete Certificate
    6) Modify Trust Attributes of Certificate (e.g., for PDC)
    7) List Root CA Certificates
    8) List All Certificates
    9) Print Certificate Content
    10) Quit
    choice: [10]
    3
    
  2. Choose option 3 on the certificate administration menu.

  3. Enter the name of the file that contains the root certificate and enter the name of the certificate.

    The root CA certificate is added to the certificate database.
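Before giving certadmin the file obtained from the CA's website, you can compare its SHA-256 fingerprint with the value the CA publishes through a separate channel. The following is an added example, not part of the original guide or the product: the function names are hypothetical, the sample bytes are constructed, and rejecting files that hold more than one certificate is this example's own choice.

```python
import hashlib
import hmac
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)

# Constructed placeholder bytes standing in for a downloaded root certificate.
# Not a real certificate: the fingerprint is taken over the raw DER bytes, so
# the check behaves the same on a genuine file.
CONSTRUCTED_DER = b"\x30\x82" + b"constructed sample, not a real root CA certificate"


def load_single_cert_der(data: bytes) -> bytes:
    """Return the DER bytes of the one certificate in data (PEM or DER)."""
    blocks = PEM_BLOCK.findall(data.decode("ascii", errors="ignore"))
    if len(blocks) > 1:
        raise ValueError("file holds %d certificates, expected one" % len(blocks))
    if blocks:
        return ssl.PEM_cert_to_DER_cert(blocks[0])
    if data[:1] != b"\x30":  # DER encoding starts with an ASN.1 SEQUENCE tag
        raise ValueError("not a PEM or DER certificate")
    return data


def normalize_fingerprint(published: str) -> str:
    """Accept 'AB:CD:...' or plain hex, in either letter case."""
    cleaned = re.sub(r"[\s:]", "", published).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def root_cert_matches(data: bytes, published: str) -> bool:
    """True only if the file's SHA-256 fingerprint equals the published one."""
    actual = hashlib.sha256(load_single_cert_der(data)).hexdigest()
    return hmac.compare_digest(actual, normalize_fingerprint(published))


if __name__ == "__main__":
    pem = ssl.DER_cert_to_PEM_cert(CONSTRUCTED_DER).encode("ascii")
    published = hashlib.sha256(CONSTRUCTED_DER).hexdigest()  # constructed value
    print("match:", root_cert_matches(pem, published))
    print("mismatch:", root_cert_matches(pem, "00" * 32))
```

Run the comparison on the exact file whose name you enter in step 3, so that the certificate you checked is the one added to the database.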