The Certificate Authority (CA) root certificate enables the web policy agent to trust the certificate from the OpenSSO Enterprise Load Balancer 2, and to trust the certificate chain that is formed from the CA to the server certificate.
Copy the same CA root certificate used in To Install a CA Root Certificate to the OpenSSO Enterprise Load Balancer to the pr-1 host machine. In this example, the file is /export/software/ca.cer.
Backup cacerts before modifying it.
As a root user, log into the pr-1 host machine.
Import the CA root certificate into cacerts, the certificate store.
# /opt/SUNWwbsvr/jdk/jre/bin/keytool -import -trustcacerts -alias OpenSSLTestCA -file /export/software/ca.cer -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts -storepass changeit Owner: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun, O=Sun,L=Santa Clara, ST=California C=US Issuer: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun, O=Sun,L=Santa Clara, ST=California C=US Serial number: f59cd13935f5f498 Valid from: Thu Sep 20 11:14:51 PDT 2008 18 07:66:19 PDT 2006 until: Thu Jun 17 11:41:51 PDT 2010 Certificate fingerprints: MD5: 78:7D:F0:04:8A:5B:5D:63:F5:EC:5B:21:14:9C:8A:B9 SHA1: A4:27:8A:B0:45:7A:EE:16:31:DC:E5:32:46:61:9E:B8:A3:20:8C:BA Trust this certificate: [no] yes Certificate was added to keystore. |
Verify that the CA root certificate was imported.
# /opt/SUNWwbsvr/jdk/jre/bin/keytool -list -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts -storepass changeit | grep -i open openSSLTestCA, Sep 20, 2008, trustedCertEntry, |
Log out of the pr-1 host machine.