Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

Procedure: To Request and Install a Server Certificate and a Root Certificate for Web Server 1

The wadm command line interface, bundled with the Web Server, is used to import the root and server certificates into the Web Server certificate store.

Before You Begin

Copy the same root certificate imported in 4.3 Enabling Secure Communication for the Directory Server User Data Instances to the da-1 host machine. For more information, see 3.3 Obtaining Secure Socket Layer Certificates.

  1. As a root user, log in to the da-1 host machine.

  2. Start the Web Server Administration Server.


    # su da80adm
    # cd /opt/SUNWwbsvr/admin-server/bin
    # ./startserv
    
  3. Create a temporary file that contains the administration password.

    This file will be used for certificate request generation and certificate installation.


    # cd /export/da80adm
    # cat > admin.pwd
    
    wadm_password=web4dmin
    
    Hit Control D to terminate the command.
    
    ^D
    
  4. Generate a certificate signing request.


    # cd /opt/SUNWwbsvr/bin
    # ./wadm create-cert-request --user=admin \
    --password-file=/export/da80adm/admin.pwd --host=da-1.example.com \
    --port=8989 --key-type=rsa --org="Sun Microsystems" \
    --org-unit="Sun Distributed Authentication" \
    --locality="Santa Clara" --state=California --country=US \
    --config=da-1.example.com --token=internal \
    --server-name=da-1.example.com
    
  5. Copy the output into a file named da-1.csr and send the request to the CA of your choice.


    -----BEGIN NEW CERTIFICATE REQUEST-----
    MIIB2DCCAUECAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
    MRQwEgYDVQQHEwtTYW50YSBDbGFyYTEZMBcGA1UEChMQU3VuIE1pY3Jvc3lzdGVt
    czEnMCUGA1UECxMeU3VuIERpc3RyaWJ1dGVkIEF1dGhlbnRpY2F0aW9uMRkwFwYD
    VQQDExBkYS0xLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
    gQDGdeNgE00/6o3nrG38yatMhnrJeUVR86Pj5rBk282DQQfVenuWt0hL8Y6q9KvT
    JQRoeclWMl94ZErdtNY0qKqXZBxhC0CCtiAvNHJAg8zErGTOADs6ptmXkzVRGBXE
    b7zLOGlROnK9xAw0wms/aFsbA/Mb0zMI5PDztRAf5A8fIQIDAQABoAAwDQYJKoZI
    hvcNAQEFBQADgYEAqap+9N/T+pzzAZL+EiG3rciKcG+Ij94Yk+3q0hMj3d3xer8Q
    1shLAy4za9qHvOnT8M7hpKY6lpw4Y4N+w3eIgfDc3aCnz1Aot5Na4alWJZ81SUAZ
    Fl6fD7CX7KMtF6Agfpi5OV+NdOiBL6tQ7F7G70c3pYV5MnQvYf5dnuiZEkQ=
    -----END NEW CERTIFICATE REQUEST-----

    The CA issues and returns a certified server certificate named da-1.cer.
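The request in step 5 is opaque base64, so it is worth confirming that it actually encodes the subject and key you asked for in step 4 before it leaves your hands. The following is an added example, not part of this Sun procedure and not wadm code: it decodes the PEM request above with nothing but the Python standard library (a minimal DER walker written for this purpose), extracts the subject DN and the RSA key size, and compares them with the values given on the create-cert-request command line. The EXPECTED dictionary and the 2048-bit floor are assumptions made for the example.

```python
"""Added example, not part of the Sun procedure or of wadm: decode the PEM
certificate request from step 5 using only the standard library and confirm
that its subject DN and key size match what was passed to create-cert-request,
before the file is sent to the CA. The DER walker handles just what a CSR needs."""
import base64
import re

# The CSR printed in step 5, embedded verbatim so the check runs offline.
CSR_PEM = """-----BEGIN NEW CERTIFICATE REQUEST-----
MIIB2DCCAUECAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRQwEgYDVQQHEwtTYW50YSBDbGFyYTEZMBcGA1UEChMQU3VuIE1pY3Jvc3lzdGVt
czEnMCUGA1UECxMeU3VuIERpc3RyaWJ1dGVkIEF1dGhlbnRpY2F0aW9uMRkwFwYD
VQQDExBkYS0xLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDGdeNgE00/6o3nrG38yatMhnrJeUVR86Pj5rBk282DQQfVenuWt0hL8Y6q9KvT
JQRoeclWMl94ZErdtNY0qKqXZBxhC0CCtiAvNHJAg8zErGTOADs6ptmXkzVRGBXE
b7zLOGlROnK9xAw0wms/aFsbA/Mb0zMI5PDztRAf5A8fIQIDAQABoAAwDQYJKoZI
hvcNAQEFBQADgYEAqap+9N/T+pzzAZL+EiG3rciKcG+Ij94Yk+3q0hMj3d3xer8Q
1shLAy4za9qHvOnT8M7hpKY6lpw4Y4N+w3eIgfDc3aCnz1Aot5Na4alWJZ81SUAZ
Fl6fD7CX7KMtF6Agfpi5OV+NdOiBL6tQ7F7G70c3pYV5MnQvYf5dnuiZEkQ=
-----END NEW CERTIFICATE REQUEST-----"""

# What the wadm command line in step 4 asked for; min_key_bits is an assumed policy floor.
EXPECTED = {
    "subject": {"C": "US", "ST": "California", "L": "Santa Clara",
                "O": "Sun Microsystems", "OU": "Sun Distributed Authentication",
                "CN": "da-1.example.com"},
    "key_type": "rsa",
    "min_key_bits": 2048,
}

OID_NAMES = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L", "2.5.4.8": "ST",
             "2.5.4.10": "O", "2.5.4.11": "OU"}
RSA_ENCRYPTION_OID = "1.2.840.113549.1.1.1"


def pem_to_der(pem):
    body = re.sub(r"-----(BEGIN|END)[^-]*-----", "", pem)
    return base64.b64decode("".join(body.split()))


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos (definite lengths)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits give the length byte count
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, pos, pos + length


def children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element inside a constructed value."""
    pos = start
    while pos < end:
        tag, vstart, vend = read_tlv(buf, pos)
        yield tag, vstart, vend
        pos = vend


def decode_oid(raw):
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                      # base-128 arcs, high bit set on continuation bytes
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_csr(pem):
    """Extract version, subject DN and public-key details from a PKCS#10 request."""
    der = pem_to_der(pem)
    _, req_s, _ = read_tlv(der, 0)                           # CertificationRequest
    _, info_s, info_e = read_tlv(der, req_s)                 # CertificationRequestInfo
    version, subject_tlv, spki_tlv = list(children(der, info_s, info_e))[:3]
    subject = []
    for _, rdn_s, rdn_e in children(der, subject_tlv[1], subject_tlv[2]):   # SET OF ATV
        for _, atv_s, atv_e in children(der, rdn_s, rdn_e):                 # SEQUENCE {type, value}
            (_, o_s, o_e), (_, v_s, v_e) = list(children(der, atv_s, atv_e))
            oid = decode_oid(der[o_s:o_e])
            subject.append((OID_NAMES.get(oid, oid), der[v_s:v_e].decode("latin-1")))
    # SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING subjectPublicKey }
    (_, alg_s, alg_e), (_, bits_s, _) = list(children(der, spki_tlv[1], spki_tlv[2]))
    _, oid_s, oid_e = next(children(der, alg_s, alg_e))
    alg_oid = decode_oid(der[oid_s:oid_e])
    # Skip the BIT STRING's unused-bits byte; RSAPublicKey ::= SEQUENCE { modulus, exponent }
    _, rsa_s, rsa_e = read_tlv(der, bits_s + 1)
    _, n_s, n_e = next(children(der, rsa_s, rsa_e))
    modulus = int.from_bytes(der[n_s:n_e], "big")
    return {"version": int.from_bytes(der[version[1]:version[2]], "big"),
            "subject": subject,
            "key_type": "rsa" if alg_oid == RSA_ENCRYPTION_OID else alg_oid,
            "key_bits": modulus.bit_length()}


def check_request(pem, expected):
    """Return the list of mismatches between the CSR and the expected values; [] means it is as intended."""
    info = parse_csr(pem)
    got = dict(info["subject"])
    problems = [f"{attr}: requested {want!r}, CSR carries {got.get(attr)!r}"
                for attr, want in expected["subject"].items() if got.get(attr) != want]
    if info["key_type"] != expected["key_type"]:
        problems.append(f"key type is {info['key_type']}, expected {expected['key_type']}")
    if info["key_bits"] < expected["min_key_bits"]:
        problems.append(f"key is {info['key_bits']} bits, below the minimum of {expected['min_key_bits']}")
    return problems


if __name__ == "__main__":
    for line in check_request(CSR_PEM, EXPECTED) or ["CSR matches the request"]:
        print(line)
```

Run against the request printed in this procedure, the subject components all match the step 4 command line, but the key the Web Server generated is 1024-bit RSA, which current guidance no longer accepts for new server certificates; that is why the check carries a minimum key-size floor rather than only comparing names. Keep the CSR file itself when you submit it, so the certificate the CA returns can be matched against the same public key.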

  6. Install da-1.cer, the server certificate.


    # ./wadm install-cert --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --config=da-1.example.com --port=8989 \
    --token=internal --cert-type=server \
    --nickname=da-1 da-1.cer
    
    CLI201 Command 'install-cert' ran successfully

  7. (Optional) Verify that the server certificate was properly installed.


    # ./wadm list-certs --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --config=da-1.example.com --token=internal \
    --cert-type=server
    
    da-1

    The output indicates that the server certificate was properly installed.

  8. Install ca.cer, the root certificate.


    # ./wadm install-cert --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --config=da-1.example.com --port=8989 \
    --token=internal --cert-type=ca \
    --nickname=OpenSSLTestCA ca.cer
    
    CLI201 Command 'install-cert' ran successfully

  9. (Optional) Verify that the root certificate was properly installed.


    # ./wadm list-certs --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --token=internal --cert-type=ca \
    --config=da-1.example.com | grep -i open
    
    openSSLTestCA - sun

    The output indicates that the root certificate was properly installed.