Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

3.3 Obtaining Secure Socket Layer Certificates

In order to enable secure communications using the Secure Sockets Layer (SSL) protocol you need to obtain root certificates and server certificates from a certificate authority (CA). A CA root certificate proves that the particular CA issued a particular server certificate. CA root certificates are publicly available. The root certificate used in this deployment is a test certificate issued by OpenSSL and named ca.cer. You can obtain a root certificate from any commercial certificate issuer such as VeriSign, Thawte, Entrust, or GoDaddy.

The server certificates are requested within each procedure. You should know how to request server certificates from your CA of choice before beginning a deployment. The following sections are related to requesting, installing, and importing root and server certificates: