Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Import the Root CA Certificate into the Application Server Keystore

In this procedure, you import a Certificate Authority (CA) certificate. The certificate enables the Authentication UI server to trust the certificate from the Access Manager load balancer (Load Balancer 3), and to establish trust with the certificate chain that is formed from the CA to the certificate.

  1. Go to the directory where the keystore (the cacerts file) is located:


    # cd /usr/local/bea/jdk150_04/jre/lib/security/
  2. Make a backup of the cacerts file.

  3. Copy the CA certificate that you obtained from your Certificate Authority into a temporary directory. Example:


    /export/software/ca.cer
  4. Import the certificate:


    # /usr/local/bea/jdk150_04/bin/keytool -import \
    -trustcacerts -alias OpenSSLTestCA -file /export/software/ca.cer \
    -keystore /usr/local/bea/jdk150_04/jre/lib/security/cacerts \
    -storepass changeit
    
    Owner: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun,
    O=Sun, L=Santa Clara, ST=California, C=US
    Issuer: EMAILADDRESS=nobody@nowhere.com, CN=OpenSSLTestCA, OU=Sun,
    O=Sun, L=Santa Clara, ST=California, C=US
    Serial number: 97dba0aa26db6386
    Valid from: Tue Apr 18 07:55:19 PDT 2006
    until: Tue Jan 13 06:55:19 PST 2009
    Certificate fingerprints:
        MD5: 9F:57:ED:B2:F2:88:B6:E8:0F:1E:08:72:CF:70:32:06
        SHA1: 31:26:46:15:C5:12:5D:29:46:2A:60:A1:E5:9E:28:64:36:80:E4:70
    Trust this certificate? [no]: yes
    Certificate was added to keystore
  5. Verify that the certificate was imported successfully:


    # /usr/local/bea/jdk150_04/bin/keytool -list \
    -keystore /usr/local/bea/jdk150_04/jre/lib/security/cacerts \
    -storepass changeit | grep openssl
    
    openssltestca, Oct 2, 2006, trustedCertEntry,
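
Step 4 adds a trust anchor after you read the fingerprints and answer yes. The shell functions below, an added example that is not part of the original procedure, make that check mechanical: they compare the SHA1 fingerprint that keytool reports with one obtained from the CA over a separate channel, back up cacerts (step 2), and only then import. The function names and the expected-fingerprint argument are assumptions; the paths, alias and store password are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original procedure). Paths, alias and store
# password are the ones used on this page; function names are assumptions.
KEYTOOL=/usr/local/bea/jdk150_04/bin/keytool
KEYSTORE=/usr/local/bea/jdk150_04/jre/lib/security/cacerts

# Reduce a fingerprint to bare uppercase hex so "31:26:..." and "3126..."
# compare equal regardless of colons, case or stray whitespace.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read `keytool -printcert` output on stdin and print the SHA1 fingerprint.
extract_sha1() {
    sed -n 's/^[[:space:]]*SHA1:[[:space:]]*//p' | head -n 1
}

# Succeed only if both values are the same 40-hex-digit SHA1 fingerprint.
# The length and charset checks stop an empty or truncated value from matching.
fp_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in *[!0-9A-F]*) return 1 ;; esac
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# verified_import CERT_FILE EXPECTED_SHA1
# EXPECTED_SHA1 is the fingerprint the CA gave you over a separate channel.
verified_import() {
    cert=$1
    expected=$2
    actual=$("$KEYTOOL" -printcert -file "$cert" | extract_sha1)
    if ! fp_matches "$expected" "$actual"; then
        echo "refusing import: $cert fingerprint is '$actual'" >&2
        return 1
    fi
    # Step 2: timestamped backup before the keystore is modified.
    cp -p "$KEYSTORE" "$KEYSTORE.$(date +%Y%m%d%H%M%S).bak" || return 1
    # Step 4, with -noprompt because the fingerprint was already checked.
    "$KEYTOOL" -import -noprompt -trustcacerts -alias OpenSSLTestCA \
        -file "$cert" -keystore "$KEYSTORE" -storepass changeit
}
```

Call it as `verified_import /export/software/ca.cer "<fingerprint from the CA>"`, then run step 5 to confirm that the alias is listed.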