Deployment Example 2: Federation Using SAML v2

Procedure: To Initialize the Application Server 4 Certificate Database

Before You Begin

You must have access to the certutil command to complete this task. See 2.11 Obtaining and Using the Certificate Database Tool.

  1. Log into the Protected Resource 4 host.

  2. Copy into a temporary directory the root CA certificate from the Federation Manager load balancer.

    In this deployment example, the JDK keystore is in the following directory:


    /usr/jdk/entsys-j2se/jre/lib/security

    This directory contains the Federation Manager trusted CA files, including cacert.

  3. Go to the following directory:


    /var/opt/SUNWappserver/domains/domain1/config

    This directory contains the two files you will need, cert8.db and key3.db, which are installed by default with Application Server 8.1. By default, Application Server 8.1 uses the NSS certificate databases for SSL purposes. You must import the Federation Manager load balancer root CA certificate into this Application Server certificate database.

  4. Obtain a copy of the Federation Manager 1 root CA certificate.

    You can obtain a copy from the certificate issuer, or you can copy the certificate stored on the Federation Manager 1 host.

    In this deployment example, the Federation Manager 1 root CA certificate has already been copied to the following directory on Protected Resource 4:


    /net/slapd/export/share/cacert

  5. In the directory where you deployed the certutil utility, run the certutil command. Example:


    # certutil -A -n rootCA -t T,c,c -i /net/slapd/export/share/cacert -d .

  6. To verify that the certificate was properly initialized, list the certificates in the database:


    # certutil -L -n rootCA -d .

    A list of certificates is displayed, and the initialized certificate file is included in the list.
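Step 6 confirms only that a certificate with the nickname appears in the listing. The following added script (not part of the deployment guide) runs the same two certutil commands with the database directory passed explicitly through -d rather than relying on the current directory, and then checks the listing for both the nickname and the trust attributes requested in step 5, since a CA imported with different flags is not trusted for SSL in the same way. The listing text embedded in the script is a constructed sample of certutil -L output, and the helper names are assumed.

```shell
#!/bin/sh
# Added example, not from the deployment guide: import the root CA into the
# NSS database (step 5) and verify nickname AND trust flags in the listing (step 6).

# Constructed sample of what `certutil -L -d <dbdir>` prints after step 5.
# Real output may differ in column spacing; the nickname is the first field and
# the trust attributes (SSL,S/MIME,JAR/XPI) are the last field of each row.
SAMPLE_LISTING='Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

rootCA                                                       T,c,c
'

# trust_flags_of LISTING NICKNAME: print the trust attributes of NICKNAME,
# or nothing if the nickname is not in the listing (nicknames with spaces are
# not handled by this simple field split).
trust_flags_of() {
    printf '%s\n' "$1" | awk -v nick="$2" '$1 == nick { print $NF }'
}

# check_ca_trust LISTING NICKNAME EXPECTED_FLAGS: succeed only if the
# certificate is present with exactly the trust attributes that were requested.
check_ca_trust() {
    flags=$(trust_flags_of "$1" "$2")
    [ -n "$flags" ] && [ "$flags" = "$3" ]
}

# import_and_verify DBDIR CERTFILE NICKNAME FLAGS: the page's steps 5 and 6,
# with the database directory named explicitly instead of "-d .".
import_and_verify() {
    dbdir=$1; certfile=$2; nick=$3; flags=$4
    certutil -A -n "$nick" -t "$flags" -i "$certfile" -d "$dbdir" || return 1
    check_ca_trust "$(certutil -L -d "$dbdir")" "$nick" "$flags"
}

# Perform the real import only when run directly with four arguments, e.g.:
#   sh import_ca.sh /var/opt/SUNWappserver/domains/domain1/config \
#       /net/slapd/export/share/cacert rootCA T,c,c
if [ $# -eq 4 ]; then
    if import_and_verify "$@"; then
        echo "ok: $3 present in $1 with trust attributes $4"
    else
        echo "FAIL: $3 missing from $1 or trust attributes differ from $4" >&2
        exit 1
    fi
fi
```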