Sun Java System Portal Server 7.2 Installation and Configuration Guide

Procedure: To Convert Portal Server to the Secure Mode on Application Server 9.1

If you have already installed Directory Server, Access Manager, Web Server, and Portal Server on Application Server 9.1, use this procedure to convert the Portal Server installation to secure mode. In secure mode, communication between the user and Portal Server uses the HTTPS protocol.

  1. Install Directory Server, Access Manager, Web Server, Portal Server, and Application Server 9.1.

  2. Create a password file named password and specify the password that has been provided for Application Server 9.1.

  3. Create a certificate signing request.

    certutil -R -s "CN=HOSTNAME.domain-name,OU=People,O=Portal,L=Location,ST=State,C=Country" -o certreq.pem -g 512 -d /opt/SUNWappserver/appserver/domains/domain1/config -f password -a

    This command creates a certificate request in the certreq.pem file. The certutil utility is located in the /usr/sfw/bin directory.

  4. Send the certificate signing request to the CA.

  5. Paste the contents of the approved certificate into an empty file on the Application Server 9.1 machine.

    For example, name the file servercert.pem.

  6. Add this certificate to the database.

    1. Change to the config directory of Application Server 9.1.

      cd /opt/SUNWappserver/appserver/domains/domain1/config

    2. Run the following command.

      certutil -A -n servercert -t "u,u,u" -d /opt/SUNWappserver/appserver/domains/domain1/config -a -i servercert.pem -f password

  7. Add the CMS root CA certificate to the database.

    certutil -A -n rootca -t "TCu,TCu,TCuw" -d /opt/SUNWappserver/appserver/domains/domain1/config -a -i path-to-cert -f password

  8. Log in to the Administration Console of Application Server 9.1.

    https://hostname.domain-name:4848

  9. Click Configurations -> server-config -> HTTP Service -> HTTP Listeners -> http-listener-2.

    Perform the following tasks:

    • .

    • Verify whether the certificate nickname is servercert.

    • Enable SSL3.

    • .

    • .

  10. Restart the Application Server 9.1.

  11. Log in to the Access Manager Administration Console.

    http://host.domain-name:8080/amconsole

    1. Change success URLs to https://host.domain-name:8181/portal.

    2. In the Service Configuration, change the platform server list from http://host:8080|01 to https://host:8181|01.

  12. Open the AMConfig.properties file.

    The AMConfig.properties file is located in the /etc/opt/SUNWam/config directory.

  13. Change com.iplanet.am.server.protocol to https, and add the property com.sun.identity.liberty.authnsvc.url=https://host.domain-name:8181/amserver/Liberty/authnsvc. Each property and its value must be on a single line.


    com.iplanet.am.server.protocol=https
    com.iplanet.am.server.host=host.domain-name
    com.iplanet.am.server.port=8181
    com.iplanet.am.console.protocol=https
    com.iplanet.am.console.host=host.domain-name
    com.iplanet.am.console.port=8181
    com.iplanet.am.profile.host=host.domain-name
    com.iplanet.am.profile.port=8181
    com.iplanet.am.naming.url=https://host.domain-name:8181/amserver/namingservice
    com.iplanet.am.notification.url=https://host.domain-name:8181/amserver/notificationservice
    com.sun.identity.liberty.interaction.wspRedirectHandler=https://host.domain-name:8181/amserver/WSPRedirectHandler
    com.sun.identity.loginurl=https://host.domain-name:8181/amserver/UI/Login
    com.sun.identity.liberty.authnsvc.url=https://host.domain-name:8181/amserver/Liberty/authnsvc

  14. Restart Directory Server and Application Server 9.1.
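
A check for the edits made in step 13, as an added example that is not part of the original guide: it flags protocol, port, and URL properties in AMConfig.properties that still point at the non-SSL listener, and values that were split across two lines when the listing was pasted. The function name check_amconfig is hypothetical; the property names and port 8181 are taken from the listing above.

```shell
#!/bin/sh
# Added example: audit AMConfig.properties after the HTTPS conversion.
# Property names and port 8181 come from the listing in step 13.
check_amconfig() {   # hypothetical name; prints findings, returns 1 if any
    awk -v port=8181 '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report(msg) { printf "line %d: %s\n", NR, msg; bad++ }
        /^[ \t]*$/ || /^[ \t]*[#!]/ { next }   # blank line or comment
        index($0, "=") == 0 {
            # No "=": a value wrapped onto its own line, so the property
            # above it was loaded empty or truncated.
            report("wrapped value, join with previous line: " trim($0)); next
        }
        {
            eq = index($0, "=")
            key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
            seen[key] = 1
            if (key ~ /^com\.iplanet\.am\.(server|console)\.protocol$/ && val != "https")
                report(key " is \"" val "\", expected https")
            else if (key ~ /^com\.iplanet\.am\.(server|console|profile)\.port$/ && val != port)
                report(key " is \"" val "\", expected " port)
            else if (key ~ /\.(url|loginurl|wspRedirectHandler)$/ &&
                     val !~ ("^https://[^/:]+:" port "/"))
                report(key " does not start with https://host:" port "/")
        }
        END {
            if (!("com.sun.identity.liberty.authnsvc.url" in seen)) {
                print "missing com.sun.identity.liberty.authnsvc.url"; bad++
            }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample: stale port plus one URL wrapped across two lines.
sample=$(mktemp)
cat > "$sample" <<'EOF'
com.iplanet.am.server.protocol=https
com.iplanet.am.server.port=8080
com.iplanet.am.naming.url=https://host.domain-name:8181
/amserver/namingservice
EOF
check_amconfig "$sample" || echo "AMConfig.properties needs fixing"
rm -f "$sample"
```

Run the function against /etc/opt/SUNWam/config/AMConfig.properties before the restart in step 14.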