Deployment Example 2: Federation Using SAML v2

Procedure: To Import the Root CA Certificate into the Web Server 3 Key Store

The Web Policy Agent on Protected Resource 3 connects to Federation Manager servers through Load Balancer 9. The load balancer is SSL-enabled, so the agent must be able to trust the load balancer SSL certificate in order to establish the SSL connection. To do this, import the root CA certificate that issued the Load Balancer 3 SSL server certificate into the Web Policy Agent certificate store.

Before You Begin

Obtain the root CA certificate, and copy it to the Protected Resource 3 host as the file /export/software/ca.cert.

  1. Copy the root CA certificate to Protected Resource 3.

  2. Open a browser, and go to the Web Server 3 administration console.

    http://ProtectedResource-3.siroe.com:8888

  3. Log in to the Web Server 3 console using the following information:

    User Name:

    admin

    Password:

    11111111

  4. In the Select a Server field, select ProtectedResource-3.siroe.com, and then click Manage.


    Tip –

    If a “Configuration files have not been loaded” message is displayed, it may be because the Web Server instance that is being accessed through the administration server has had its configuration files manually edited. This is the case when the Web Policy Agent is installed. The mirror configuration files are different from the current configuration files. In order to be sure the changes are not lost, you must apply the changes. First click Apply, and then click Apply Changes. The configuration files are read, and the server is stopped and restarted.


  5. Click the Security tab.

  6. On the Initialize Trust Database page, enter a Database Password.

    Enter the password again to confirm it, and then click OK.

  7. In the left frame, click Install Certificate and provide the following information, and then click OK:

    Certificate For:

    Choose Trusted Certificate Authority (CA).

    Key Pair File Password:

    password

    Certificate Name:

    rootCA.cert

    Message in this File:

    /export/software/ca.cert

  8. Click Add Server Certificate.

  9. Click Manage Certificates.

    The root CA Certificate name rootCA.cert is included in the list of certificates.

  10. Click the Preferences tab.

  11. Restart Web Server 3.

    On the Server On/Off page, click Server Off. When the server indicates that the administration server is off, click Server On.

  12. Restart Web Server 3.

    # cd /opt/SUNWwbsvr/https-ProtectedResource-3.siroe.com
    # ./stop; ./start
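
Before step 7 installs the file as a trusted CA, it is worth confirming that /export/software/ca.cert really is a root CA certificate and that it issued the load balancer's server certificate. The shell functions below are an added example, not part of the original procedure; they assume OpenSSL is installed, PEM-encoded files, direct issuance with no intermediate CA, and a hypothetical file lb-server.pem holding the load balancer certificate.

```shell
#!/bin/sh
# Added example, not Sun's procedure. Assumes PEM files and that the root CA
# signed the load balancer certificate directly (no intermediates).

# Print the subject or issuer DN ($2) of certificate $1 without the label.
dn() { openssl x509 -in "$1" -noout "-$2" | sed "s/^$2= *//"; }

# Succeeds only if $1 is a self-signed, unexpired certificate marked CA:TRUE.
check_root_ca() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    [ "$(dn "$1" subject)" = "$(dn "$1" issuer)" ] ||
        { echo "$1: subject and issuer differ, not a root" >&2; return 1; }
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1 ||
        { echo "$1: self-signature does not verify" >&2; return 1; }
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' ||
        { echo "$1: basicConstraints is not CA:TRUE" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "$1: expired" >&2; return 1; }
}

# Succeeds only if server certificate $2 was issued by root CA $1.
# The DN comparison keeps a match from some other trusted CA from counting.
check_issued_by() {
    [ "$(dn "$2" issuer)" = "$(dn "$1" subject)" ] ||
        { echo "$2: issuer is not the subject of $1" >&2; return 1; }
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "$2: signature does not verify against $1" >&2; return 1; }
}

# Usage: sh check_ca.sh /export/software/ca.cert lb-server.pem
# (check_ca.sh and lb-server.pem are hypothetical names)
if [ "$#" -eq 2 ]; then
    check_root_ca "$1" && check_issued_by "$1" "$2" &&
        openssl x509 -in "$1" -noout -fingerprint -sha256
fi
```

When both checks pass, the script prints the SHA-256 fingerprint of the root CA certificate; compare it with the value obtained from the CA through a separate channel before completing the import.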