Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

Procedure: To Import the Root Certificate to the Web Server 2 JDK Certificate Store

Before You Begin

Copy ca.cer, the same CA root certificate used in 4.3 Enabling Secure Communication for the Directory Server User Data Instances, to the JDK certificate store in the /export/WS7 directory on the da-2 host machine.

  1. As a root user, log in to the da-2 host machine.

  2. Import ca.cer into cacerts, the certificate store.

    # /opt/SUNWwbsvr/jdk/jre/bin/keytool -import \
    -trustcacerts -alias OpenSSLTestCA -file /export/WS7/ca.cer \
    -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts \
    -storepass changeit
    Owner:, CN=openssltestca, 
    OU=am, O=sun, L=santa clara, ST=california, C=us
    Issuer:, CN=openssltestca, 
    OU=am, O=sun, L=santa clara, ST=california, C=us
    Serial number: f59cd13935f5f498
    Valid from: Thu Sep 20 11:41:51 PDT 2008 until: 
     Thu Jun 17 11:41:51 PDT 2010
    Certificate fingerprints:
     MD5:  78:7D:F0:04:8A:5B:5D:63:F5:EC:5B:21:14:9C:8A:B9
     SHA1: A4:27:8A:B0:45:7A:EE:16:31:DC:E5:32:46:61:9E:B8:
    Trust this certificate? [no]: yes
    Certificate was added to keystore

  3. (Optional) Verify that the root certificate was successfully imported.

    # /opt/SUNWwbsvr/jdk/jre/bin/keytool -list \
    -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts \
    -storepass changeit | grep -i open
    openssltestca, Jul 1, 2008, trustedCertEntry

  4. Restart the Web Server instance.

    # su da80adm
    # cd /opt/SUNWwbsvr/
    # ./stopserv ; ./startserv
    server has been shutdown
    Sun Java System Web Server 7.0U2 B12/09/2008 09:02
    info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.5.0_12]
    from [Sun Microsystems Inc.]
    info: HTTP3072: http-listener-1: ready to
    accept requests
    info: HTTP3072: http-listener-2: ready to
    accept requests
    info: CORE3274: successful server startup

  5. Log out of the da-2 host machine.
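
Step 2 asks the operator to answer "Trust this certificate?" after reading the fingerprint on screen. The following added example (not part of the original guide) makes that check explicit: it compares the SHA1 fingerprint that keytool reports for the file against a value obtained out of band, and imports with -noprompt only on a match. The function names and the sample fingerprint are hypothetical; the paths, alias and store password are the ones used in this procedure.

```shell
#!/bin/sh
# Added example: gate the cacerts import on an out-of-band fingerprint check.
KEYTOOL=/opt/SUNWwbsvr/jdk/jre/bin/keytool
CACERTS=/opt/SUNWwbsvr/jdk/jre/lib/security/cacerts

# Normalize a fingerprint: drop colons and whitespace, upper-case the hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read `keytool -printcert` output on stdin, print the normalized SHA1 value.
extract_sha1() {
    fp=$(sed -n 's/^[[:space:]]*SHA1:[[:space:]]*//p' | head -n 1)
    normalize_fp "$fp"
}

# Succeed only if both values are identical, full-length (40 hex digit)
# SHA-1 fingerprints. A truncated or empty value never matches.
fp_matches() {
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    case "$a" in *[!0-9A-F]*|"") return 1 ;; esac
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# verified_import CERT_FILE ALIAS EXPECTED_SHA1
verified_import() {
    actual=$("$KEYTOOL" -printcert -file "$1" | extract_sha1)
    if ! fp_matches "$actual" "$3"; then
        echo "fingerprint mismatch for $1: refusing to import" >&2
        return 1
    fi
    "$KEYTOOL" -import -trustcacerts -noprompt -alias "$2" -file "$1" \
        -keystore "$CACERTS" -storepass changeit
}

# Constructed sample of keytool output (fingerprint values are made up).
SAMPLE_PRINTCERT='Owner: CN=openssltestca, OU=am, O=sun, C=us
Certificate fingerprints:
	 MD5:  00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
	 SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33'

# Usage on da-2, with the fingerprint supplied by the CA administrator:
#   verified_import /export/WS7/ca.cer OpenSSLTestCA "<expected SHA1>"
```

Because -noprompt suppresses the interactive trust question, the fingerprint comparison is the only gate before the CA becomes trusted for every application that uses this cacerts file.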