Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

Procedure: To Create an SSL Enabled HTTP Listener Port on Web Server 1

The wadm command line interface, bundled with the Web Server, is used in this procedure.

Before You Begin

This procedure assumes that you have just completed the procedure To Request and Install a Server Certificate and a Root Certificate for Web Server 1, so the server certificate is already in the Web Server 1 certificate database under the nickname da-1, and that you are still logged in as the non-root user.

  1. Create an SSL enabled HTTP listener port on Web Server 1.


    # ./wadm create-http-listener --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --host=da-1.example.com --port=8989 \
    --listener-port=1443 --config=da-1.example.com \
    --server-name=da-1.example.com \
    --default-virtual-server-name=da-1.example.com \
    http-listener-2
    
    CLI201 Command 'create-http-listener' ran successfully
  2. (Optional) Verify that the listener was created.


    # ./wadm get-ssl-prop --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --config=da-1.example.com \
    --http-listener=http-listener-2
    
    tls=true
    client-auth-timeout=60
    client-auth=false
    enabled=false
    ssl2=false
    max-client-auth-data=1048576
    tls-rollback-detection=true
    ssl3=true

    The output indicates that the listener was created. Note that enabled=false and no server-cert-nickname is listed: SSL is not yet active on the listener, and no certificate is bound to it. The next two steps take care of both.

  3. Enable SSL for the newly created HTTP listener port.


    # ./wadm set-ssl-prop --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --config=da-1.example.com \
    --http-listener=http-listener-2 \
    enabled=true
    
    CLI201 Command 'set-ssl-prop' ran successfully
  4. Associate the HTTP listener port with the nickname of the server certificate installed in the previous procedure (da-1).


    # ./wadm set-ssl-prop --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --config=da-1.example.com \
    --http-listener=http-listener-2 \
    server-cert-nickname=da-1
    
    CLI201 Command 'set-ssl-prop' ran successfully
  5. (Optional) Verify that SSL is enabled on the listener port and is configured with an associated server certificate.


    # ./wadm get-ssl-prop --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --config=da-1.example.com \
    --http-listener=http-listener-2
    
    tls=true
    server-cert-nickname=da-1
    client-auth-timeout=60
    client-auth=false
    enabled=true
    ssl2=false
    max-client-auth-data=1048576
    tls-rollback-detection=true
    ssl3=true

    The output indicates that SSL is enabled (enabled=true) and da-1 is the associated certificate nickname. Also check the protocol properties: ssl2=false is the value you want, and ssl3=true means the listener still accepts SSL 3.0 connections in addition to TLS. If your deployment policy requires TLS only, set ssl3=false with set-ssl-prop in the same way before deploying.

  6. Deploy the modified configuration.


    # ./wadm deploy-config --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --host=da-1.example.com --port=8989 \
    da-1.example.com
    
    CLI201 Command 'deploy-config' ran successfully
  7. Restart the Web Server instance.


    # cd /opt/SUNWwbsvr/https-da-1.example.com/bin
    # ./stopserv ; ./startserv
    
    server has been shutdown
    
    Sun Java System Web Server 7.0U2 B12/09/2007 09:02
    info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.5.0_12]
    from [Sun Microsystems Inc.]
    info: HTTP3072: http-listener-1: http://da-1.example.com:1080 ready to
    accept requests
    info: HTTP3072: http-listener-2: https://da-1.example.com:1443 ready to
    accept requests
    info: CORE3274: successful server startup

    The output indicates that http-listener-2 is SSL enabled, bound to https://da-1.example.com:1443, and ready to accept requests. (http-listener-1 on port 1080 remains a plain HTTP listener.)

  8. Remove the temporary administration password file. The file holds the administration password in clear text, so it should not outlive the procedure that needed it.


    # cd /export/da80adm
    # rm admin.pwd
    
  9. (Optional) Access https://da-1.example.com:1443 from a web browser to verify that the secure port can be reached.


    Tip –

    A message may be displayed indicating that the browser doesn't recognize the certificate issuer. If this happens, install the CA root certificate (the one obtained in the previous procedure) in the browser so that the browser recognizes the certificate issuer, rather than accepting the certificate on a one-off basis. See your browser's online help system for information on installing a root CA certificate. A warning about the certificate name, as opposed to the issuer, means the certificate was not issued for da-1.example.com and should be investigated instead of dismissed.
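The procedure above, scripted, as an added example that is not part of the Sun deployment guide: it runs the same wadm commands (steps 1, 3, 4 and 6), but parses the get-ssl-prop output of step 5 and refuses to deploy unless the listener is SSL enabled, bound to the expected certificate nickname and has SSLv2 off. It also replaces the browser check of step 9 with an openssl handshake validated against the CA file. The wadm path /opt/SUNWwbsvr/bin/wadm, the presence of openssl, and the use of environment variables for the guide's host names, ports and nickname are assumptions; the sample get-ssl-prop output used to exercise the checker is constructed from the output shown in step 5.

```shell
#!/bin/sh
# Added example, not from the Sun guide. Wraps the wadm steps of the procedure
# and validates the listener state before deploying the configuration.
# Defaults are the guide's values; all can be overridden from the environment.
WADM=${WADM:-/opt/SUNWwbsvr/bin/wadm}      # assumption: default Web Server 7 install path
ADMIN_HOST=${ADMIN_HOST:-da-1.example.com}
ADMIN_PORT=${ADMIN_PORT:-8989}
PWFILE=${PWFILE:-/export/da80adm/admin.pwd}
CONFIG=${CONFIG:-da-1.example.com}
LISTENER=${LISTENER:-http-listener-2}
LISTENER_PORT=${LISTENER_PORT:-1443}
CERT_NICK=${CERT_NICK:-da-1}

# Authentication options shared by every wadm call (expanded unquoted on purpose
# so that it splits into two arguments).
WADM_AUTH="--user=admin --password-file=$PWFILE"

# check_ssl_props NICKNAME: reads the key=value lines of get-ssl-prop on stdin.
# Exit status: 0 = SSL enabled with NICKNAME bound and SSLv2 off,
#              1 = SSL not enabled, 2 = wrong or missing nickname, 3 = SSLv2 on.
# Prints "ok" on success; warns on stderr if SSLv3 is still accepted.
check_ssl_props() {
  want=$1; enabled=false; nick=""; ssl2=false; ssl3=false
  while IFS='=' read -r key val; do
    case $key in
      enabled)              enabled=$val ;;
      server-cert-nickname) nick=$val ;;
      ssl2)                 ssl2=$val ;;
      ssl3)                 ssl3=$val ;;
    esac
  done
  [ "$enabled" = true ] || { echo "SSL is not enabled on the listener" >&2; return 1; }
  [ "$nick" = "$want" ]  || { echo "server-cert-nickname is '$nick', expected '$want'" >&2; return 2; }
  [ "$ssl2" = false ]    || { echo "SSLv2 is enabled; set ssl2=false" >&2; return 3; }
  [ "$ssl3" = false ]    || echo "warning: SSLv3 still accepted (ssl3=true); set ssl3=false for TLS only" >&2
  echo ok
}

# configure_ssl_listener: steps 1, 3 and 4, then the step 5 check, then step 6.
# Stops at the first wadm command that fails so a half-configured listener is
# never deployed. Restarting the instance (step 7) is left to the operator.
configure_ssl_listener() {
  $WADM create-http-listener $WADM_AUTH --host="$ADMIN_HOST" --port="$ADMIN_PORT" \
      --listener-port="$LISTENER_PORT" --config="$CONFIG" --server-name="$CONFIG" \
      --default-virtual-server-name="$CONFIG" "$LISTENER" || return 1
  $WADM set-ssl-prop $WADM_AUTH --config="$CONFIG" --http-listener="$LISTENER" \
      enabled=true || return 1
  $WADM set-ssl-prop $WADM_AUTH --config="$CONFIG" --http-listener="$LISTENER" \
      server-cert-nickname="$CERT_NICK" || return 1
  $WADM get-ssl-prop $WADM_AUTH --config="$CONFIG" --http-listener="$LISTENER" \
      | check_ssl_props "$CERT_NICK" || return 1
  $WADM deploy-config $WADM_AUTH --host="$ADMIN_HOST" --port="$ADMIN_PORT" "$CONFIG"
}

# verify_tls_endpoint HOST PORT CAFILE: after the restart, performs a handshake
# with openssl s_client and succeeds only if the chain verifies against CAFILE
# (assumption: openssl is installed). This is the scripted form of step 9.
verify_tls_endpoint() {
  openssl s_client -connect "$1:$2" -CAfile "$3" </dev/null 2>/dev/null \
    | grep -q 'Verify return code: 0 (ok)'
}

# Usage: sh ssl_listener.sh run            (needs the admin password file)
#        sh ssl_listener.sh check HOST PORT CAFILE
case ${1:-} in
  run)   configure_ssl_listener ;;
  check) verify_tls_endpoint "$2" "$3" "$4" ;;
esac
```

Run it with `run` before step 7 while the admin password file still exists, restart the instance as in step 7, remove the password file as in step 8, and then run `check da-1.example.com 1443 /path/to/ca-root.pem` to confirm the chain from outside the server.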