If you have deployed the Delegated Administrator console to Web Server 6 or Web Server 7.x, you can run the Delegated Administrator console in SSL mode, over a secure port.
If the Delegated Administrator server is deployed to Web Server 6 or Web Server 7.x, you can run the Delegated Administrator utility (commadmin) in SSL mode.
To enable the Delegated Administrator console and utility to use SSL access:
For the console, complete all the steps in the SSL-configuration procedure.
For the utility, you only have to complete Step 1 (requesting and installing a certificate) in the SSL-configuration procedure. Use the -s option with the commadmin commands to run in SSL mode.
For Web Server 6, follow this procedure:
For Web Server 7.x, follow this procedure:
In this procedure, which applies to Web Server 6, the certificate truststore is created in the Delegated Administrator configuration directory. For example: /var/opt/SUNWcomm/config
Request and install a certificate.
In a production environment, you must request a certificate from a Certificate Authority (CA), which issues the certificate to you. Next, you install the certificate.
In a test environment, you can create and install a self-signed certificate.
For information about requesting and installing certificates for Web Server 6, see “Using Certificates and Keys” in the Sun Java System Web Server 6.1 SP6 Administrator’s Guide.
After you complete this step, you can run the Delegated Administrator utility in SSL mode.
Export the specific certificate in ASCII encoding.
For example:
/opt/SUNWwbsvr/bin/https/admin/bin/certutil -L -n Server-Cert \
-d /opt/SUNWwbsvr/alias -P https-host.domain-host- -a > /tmp/host.cert
where
Server-Cert is the default name created by the Administration interface
host is the host name of the machine where Web Server 6 is running. For example: myhost.
host.domain is the host and domain name of the machine where Web Server 6 is running. For example: myhost.siroe.com.
Use the java keytool utility to import the certificate into a truststore.
This step assumes that you are creating a new truststore in the Delegated Administrator configuration directory.
Define the ssl.truststore property in the JVM Setting for the Web Server 6 instance configuration.
For example:
-Djavax.net.ssl.trustStore=/var/opt/SUNWcomm/config/truststore
-Djavax.net.ssl.trustStorePassword=password
where password is the password you entered at the keytool prompt.
Modify the following property in the JVM Setting for the Web Server 6 instance configuration.
Change
-Djava.protocol.handler.pkgs=com.iplanet.services.comm
to the following value:
-Djava.protocol.handler.pkgs=com.sun.identity.protocol
Change the following properties in the daconfig.properties file:
Open the daconfig.properties file in a text editor.
The daconfig.properties file is located by default in the Delegated Administrator configuration directory:
da-base/data/da/WEB-INF/classes/com/sun/comm/da/resources
(In a later step, you will deploy the daconfig.properties file to the Web Server 6 configuration directory.)
Change the property values as follows:
commadminserver.host=host.domain
commadminserver.port=port
commadminserver.usessl=true
where host.domain is the host and domain name of the machine where Web Server 6 is running. For example: myhost.siroe.com.
And where port is the SSL port. For example: 443.
Deploy the Web Server 6 configuration and restart the instance:
In this procedure, which applies to Web Server 7.x, the certificate truststore is created in the Delegated Administrator configuration directory. For example: /var/opt/SUNWcomm/config
Request and install a certificate.
In a production environment, you must request a certificate from a Certificate Authority (CA), which issues the certificate to you. Next, you install the certificate.
In a test environment, you can create and install a self-signed certificate.
For information about requesting and installing certificates for Web Server 7.x, see “Managing Certificates” in the Sun Java System Web Server 7.0 Administrator’s Guide.
After you complete this step, you can run the Delegated Administrator utility in SSL mode.
Run the certutil utility to list all certificates in the certificate database.
For example:
cd /var/opt/SUNWcomm/config
/usr/sfw/bin/certutil -L -d /var/opt/SUNWwbsvr7/https-host.domain/config
where host.domain is the host and domain name of the machine where Web Server 7.x is running. For example: myhost.siroe.com.
Export the specific certificate in ASCII encoding.
For example:
/usr/sfw/bin/certutil -L -n cert-host.domain -d /var/opt/SUNWwbsvr7/https-host.domain/config -a > host.cert
where host and host.domain are the host name or host and domain name of the machine where Web Server 7.x is running.
Use the java keytool utility to import the certificate into a truststore.
This step assumes that you are creating a new truststore in the Delegated Administrator configuration directory.
Define the ssl.truststore property in the JVM Setting for the Web Server 7.x instance configuration.
For example:
-Djavax.net.ssl.trustStore=/var/opt/SUNWcomm/config/truststore
-Djavax.net.ssl.trustStorePassword=password
where password is the password you entered at the keytool prompt.
Modify the following property in the JVM Setting for the Web Server 7.x instance configuration.
Change
-Djava.protocol.handler.pkgs=com.iplanet.services.comm
to the following value:
-Djava.protocol.handler.pkgs=com.sun.identity.protocol
Change the following properties in the daconfig.properties file:
Open the daconfig.properties file in a text editor.
The daconfig.properties file is located by default in the Delegated Administrator configuration directory:
da-base/data/da/WEB-INF/classes/com/sun/comm/da/resources
(In a later step, you will deploy the daconfig.properties file to the Web Server 7.x configuration directory.)
Change the property values as follows:
commadminserver.port=port
commadminserver.usessl=true
where port is the SSL port. For example: 443.
Deploy the Web Server 7.x configuration and restart the instance:
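A check to run before restarting the instance, covering the settings that both procedures above (Web Server 6 and Web Server 7.x) change. This is an added example, not part of the product or its documentation: the function name check_da_ssl and the JVM-options text file (one option per line, copied from the instance's JVM settings) are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not product code. Assumptions: $1 is a text file holding the
# instance's JVM options, one per line; $2 is daconfig.properties.
# Prints one FAIL line per problem and returns the number of problems.
check_da_ssl() {
    jvm=$1 props=$2 problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Each truststore option must be present and start with "-D".
    for key in trustStore trustStorePassword; do
        grep -q -- "^-Djavax\.net\.ssl\.$key=." "$jvm" ||
            fail "JVM option -Djavax.net.ssl.$key is missing or malformed"
    done

    # The truststore must exist and must not be writable by every local user.
    ts=$(sed -n 's/^-Djavax\.net\.ssl\.trustStore=//p' "$jvm" | head -n 1)
    if [ -n "$ts" ] && [ ! -f "$ts" ]; then
        fail "truststore file not found: $ts"
    elif [ -n "$ts" ] && [ -n "$(find "$ts" -perm -002)" ]; then
        fail "truststore is world-writable: $ts"
    fi

    # The handler package must be the new value, not com.iplanet.services.comm.
    grep -q -- '^-Djava\.protocol\.handler\.pkgs=com\.sun\.identity\.protocol$' "$jvm" ||
        fail "java.protocol.handler.pkgs is not com.sun.identity.protocol"

    # daconfig.properties must enable SSL and name a numeric port.
    grep -q '^commadminserver\.usessl=true[[:space:]]*$' "$props" ||
        fail "commadminserver.usessl is not true"
    port=$(sed -n 's/^commadminserver\.port=//p' "$props" | tail -n 1)
    case $port in
        '' | *[!0-9]*) fail "commadminserver.port is not a number: '$port'" ;;
    esac
    return "$problems"
}

# Constructed sample input (not from a real installation): the password option
# has lost its leading "-" and the handler package still has the old value.
demo_dir=$(mktemp -d)
: > "$demo_dir/truststore" && chmod 600 "$demo_dir/truststore"
printf '%s\n' "-Djavax.net.ssl.trustStore=$demo_dir/truststore" \
    'Djavax.net.ssl.trustStorePassword=password' \
    '-Djava.protocol.handler.pkgs=com.iplanet.services.comm' > "$demo_dir/jvm.options"
printf '%s\n' 'commadminserver.port=443' 'commadminserver.usessl=true' \
    > "$demo_dir/daconfig.properties"
check_da_ssl "$demo_dir/jvm.options" "$demo_dir/daconfig.properties" ||
    echo "problems found: $?"
```

The world-writable test matters because any local user who can write to the truststore can add a certificate that the Delegated Administrator JVM will then trust.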