Add the following line to the /etc/opt/SUNWam/config/AMConfig.properties file on the Portal Server machine:
com.iplanet.authentication.modules.cert.gwAuthEnable=yes
Import the required certificates into the certificate database of the Gateway that you want to enable for PDC. To configure the certificates, see "To import the Root CA certificate on the gateway machine".
Log in to the Access Manager administration console as administrator and do the following:
From the Access Manager administration console, do the following:
Choose the required organization and then select Services from the View drop-down menu.
The list of services is displayed.
Click the arrow next to the Authentication Configuration core service and then click New.
The New Service Instance page is displayed.
Enter the service instance name as gatewaypdc.
Click Submit.
The gatewaypdc Service Instance List is displayed.
Click gatewaypdc to edit the service.
The gatewaypdc show properties page is displayed.
Click the Edit link next to Authentication Configuration and then click Add.
The Add Module page is displayed.
Choose Cert from the Module Name field and REQUIRED for Enforcement criteria, and then click OK.
Click OK to complete.
From the Access Manager administration console, do the following:
Log in to the Portal Server administration console as administrator and do the following:
Restart the gateway profile from a terminal window:
./psadmin start-sra-instance -u amadmin -f passwordfile -N profilename -t gateway
Install the client certificate issued by the CA into the browser that will be used to access the PDC-enabled gateway.
Install the client certificate into the JVM keystore. On a Windows machine, open the Java control panel from Start > Settings > Control Panel > Java.
Add the following to the Applet RunTime parameters:
-Djavax.net.ssl.keyStore=Path to Keystore
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.keyStoreType=type
Access your gateway profile and organization:
https://gateway:instance-port/YourOrganization
You should be logged in under the name in the certificate, without being prompted for a user name and password.
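The first step of this procedure edits AMConfig.properties by hand. The following added example (not part of the original procedure or of the product's tooling) checks that the gwAuthEnable flag is effectively set and sets it idempotently. The function names are hypothetical, and it assumes Java properties rules, where the last assignment of a key wins.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Access Manager.
KEY='com.iplanet.authentication.modules.cert.gwAuthEnable'

# Print the effective value of KEY in properties file $1 (empty if unset).
# Assumes Java properties rules: lines starting with # or ! are comments,
# the separator is '=' or ':' with optional blanks, the LAST assignment wins.
gw_auth_value() {
    awk -v key="$KEY" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]/) next    # a longer key, not ours
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            sub(/[ \t\r]+$/, "", rest)
            val = rest
        }
        END { print val }
    ' "$1"
}

# Succeed only if the effective value is exactly "yes".
gw_auth_enabled() {
    [ "$(gw_auth_value "$1")" = "yes" ]
}

# Set KEY=yes in file $1: keep a .bak copy, drop every existing assignment
# of KEY so no stale duplicate can override it, then append a single line.
enable_gw_auth() {
    cp -p "$1" "$1.bak" || return 1
    awk -v key="$KEY" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) == 1 &&
                substr(line, length(key) + 1) ~ /^[ \t]*[=:]/) next
            print
        }
    ' "$1.bak" > "$1" || return 1
    printf '%s=yes\n' "$KEY" >> "$1"
}

# Usage on the Portal Server machine:
#   f=/etc/opt/SUNWam/config/AMConfig.properties
#   gw_auth_enabled "$f" || enable_gw_auth "$f"
```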