To Disable the Default Trust Behavior of Agent for Apache HTTP Server 2.2 (Sun Java System Access Manager Policy Agent 2.2 Guide for Apache HTTP Server 2.2)

Sun Java System Access Manager Policy Agent 2.2 Guide for Apache HTTP Server 2.2

Previous: Disabling the Default Trust Behavior of Agent for Apache HTTP Server 2.2
Next: Installing the Access Manager Root CA Certificate for a Remote Apache HTTP Server 2.2 Instance

To Disable the Default Trust Behavior of Agent for Apache HTTP Server 2.2

With the property com.sun.am.trust_server_certs set to true, the web agent does not perform certificate checking. Setting this property to false is one of the steps involved in enabling the web agent to perform certificate checking as illustrated in the following task.

Set the following property in the web agent AMAgent.properties configuration file to false as follows:
```
com.sun.am.trust_server_certs = false
```

Set the directory Cert DB as described in the substeps that follow:
1. Create a directory named cert.
  
  The best practice is to create this folder in the following directory:
```
PolicyAgent-base/AgentInstance-Dir/
```
  The following is a feasible example of the full path to the cert directory:
```
/usr/local/webagents/apache22_agent/Agent_001/cert
```
  For more information about the directory structure, see Inside the Web Agent Base Directory.
2. In the web agent AMAgent.properties configuration file, set the path to the cert directory.
  
  The following example, includes the property, com.sun.am.sslcert.dir, and the value:
```
com.sun.am.sslcert.dir = PolicyAgent-base/AgentInstance-Dir/cert
```

Set the Cert DB Prefix, if required.

In cases where the specified Cert DB directory has multiple certificate databases, the following property must be set to the prefix of the certificate database to be used:

com.sun.am.certdb.prefix

Set the property as follows:
com.sun.am.certdb.prefix = https-host.domain.com.host-

Save and close the web agent AMAgent.properties configuration file.