Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Import the Root CA Certificate for the Access Manager Load Balancer into Authentication UI Server 1

In this procedure, you import a Certificate Authority (CA) certificate. The certificate enables the Authentication UI server to trust the certificate presented by the Access Manager load balancer (Load Balancer 3), and to establish trust in the certificate chain that runs from the CA to that certificate.

  1. Log in as root to Authentication UI Server 2.

  2. Copy the root CA certificate into a directory.

    After the certificate authority (CA) sends you the certificate, copy the certificate text into a file. In this example, the file is /export/software/ca.cer.

  3. Import the root CA certificate into the Java certificate store.


    # /usr/jdk/entsys-j2se/jre/bin/keytool -import -trustcacerts \
        -alias OpenSSLTestCA -file /export/software/ca.cer \
        -keystore /usr/jdk/entsys-j2se/jre/lib/security/cacerts -storepass changeit
    Owner: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun, 
    O=Sun,L=Santa Clara, ST=California C=US
    Issuer: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun, 
    O=Sun,L=Santa Clara, ST=California C=US
    Serial number: 97dba0aa26db6386
    Valid from: Tue Apr 18 07:66:19 PDT 2006 until: Tue Jan 13 06:55:19 
    PST 2009
    Certificate fingerprints:
        MD5:  9f:57:ED:B2:F2:88:B6:E8:0F:1E:08:72:CF:70:32:06
        SHA1: 31:26:46:15:C5:12:5D:29:46:2A:60:A1:E5:9E:26:64:36:80:E4:70
    Trust this certificate: [no] yes
    Certificate was added to keystore.

  4. Verify that the root CA certificate was imported into the keystore.


    # /usr/jdk/entsys-j2se/jre/bin/keytool -list \
        -keystore /usr/jdk/entsys-j2se/jre/lib/security/cacerts \
        -storepass changeit | grep -i open
    openssltestca, Nov 8, 2006, trustedCertEntry

  5. Restart AuthenticationUI-1.


    # cd /opt/SUNWwwbsvr/https-AuthenticationUI-1.example.com
    # ./stop
    server has been shutdown
    # ./start
    Sun ONE Web Server 6.1SP5 B06/23/2005 18:00
    info: CORE3016: daemon is running as super-user
    info: CORE5076: Using [Java HotSpot(TM) Server VM,
    version 1.5.0_04 ] from [Sun Microsystems Inc.]
    info: WEB0100: Loading web module in virtual server 
    https-AuthenticationUI-1.example.com]
    at [/distAuth]
    info: WEB0100: Loading web module in virtual server
    https-AuthenticationUI-1.example.com] at [/search]
    info: HTTP3072: [LS is 1] http://AuthenticationUI-1.example.com:1080 
    ready to accept requests
    startup: server started successfully
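
Step 3 accepts the CA at keytool's "Trust this certificate" prompt. The script below is an added example, not part of the original procedure: it gates that import on a SHA-256 fingerprint obtained from the CA out of band. It assumes GNU coreutils `base64` and `sha256sum` are available; the function names and the `KEYTOOL` variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): pin the CA certificate's
# SHA-256 fingerprint before it goes into the Java trust store.
# Assumes GNU coreutils base64 and sha256sum; KEYTOOL defaults to the page's path.
KEYTOOL=${KEYTOOL:-/usr/jdk/entsys-j2se/jre/bin/keytool}

# Print the SHA-256 (lowercase hex) of the DER bytes in a one-certificate PEM file.
cert_sha256() {
    body=$(sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$1" \
        | grep -v '^-----' | tr -d ' \r\n')
    [ -n "$body" ] || return 1          # no certificate block found: fail closed
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Normalize a fingerprint such as "AB:CD:..." to lowercase hex without separators.
norm_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# Succeed only when the file's fingerprint equals the pinned value.
fingerprint_matches() {
    actual=$(cert_sha256 "$1") || return 2
    [ "$actual" = "$(norm_fp "$2")" ]
}

# Import the CA only after the pin check passes. keytool prompts for the
# keystore password, so the password does not appear on the command line.
import_ca_if_pinned() {   # args: cert alias keystore pinned_sha256
    if fingerprint_matches "$1" "$4"; then
        "$KEYTOOL" -import -trustcacerts -noprompt \
            -alias "$2" -file "$1" -keystore "$3"
    else
        echo "fingerprint mismatch for $1; certificate not imported" >&2
        return 1
    fi
}

# Example call with the page's paths; <pinned-sha256> is a placeholder:
# import_ca_if_pinned /export/software/ca.cer OpenSSLTestCA \
#     /usr/jdk/entsys-j2se/jre/lib/security/cacerts '<pinned-sha256>'
```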