The wadm command line interface, bundled with the Web Server, is used to import the root and server certificates into the Web Server certificate store.
Copy the same root certificate imported in 4.3 Enabling Secure Communication for the Directory Server User Data Instances to the da-1 host machine. For more information, see 3.3 Obtaining Secure Socket Layer Certificates.
As a root user, log in to the da-2 host machine.
Start the Web Server Administration Server.
# su da80adm
# cd /opt/SUNWwbsvr/admin-server/bin
# ./startserv
Create a temporary file that contains the administration password.
This file will be used for certificate request generation and certificate installation.
# cd /export/da80adm
# cat > admin.pwd
wadm_password=web4dmin
Press Control-D to terminate the command.
^D
Generate a certificate signing request.
# cd /opt/SUNWwbsvr/bin
# ./wadm create-cert-request --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --host=da-2.example.com --port=8989 --key-type=rsa \
    --org="Sun Microsystems" --org-unit="Sun Distributed Authentication" \
    --locality="Santa Clara" --state=California --country=US \
    --config=da-2.example.com --token=internal \
    --server-name=da-2.example.com
Copy the output into a file named da-2.csr and send the request to the CA of your choice.
The CA issues and returns a certified server certificate named da-2.cer.
Install da-2.cer, the server certificate.
# ./wadm install-cert --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --config=da-2.example.com --port=8989 --token=internal \
    --cert-type=server --nickname=da-2 da-2.cer
CLI201 Command 'install-cert' ran successfully
(Optional) Verify that the server certificate was properly installed.
# ./wadm list-certs --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --config=da-2.example.com --token=internal --cert-type=server
da-2
The output indicates that the server certificate was properly installed.
Install ca.cer, the root certificate.
# ./wadm install-cert --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --config=da-2.example.com --port=8989 --token=internal \
    --cert-type=ca --nickname=OpenSSLTestCA ca.cer
CLI201 Command 'install-cert' ran successfully
(Optional) Verify that the certificate was properly installed.
# ./wadm list-certs --user=admin \
    --password-file=/export/da80adm/admin.pwd \
    --token=internal --cert-type=ca \
    --config=da-2.example.com | grep -i open
openSSLTestCA - sun
The output indicates that the root certificate was properly installed.
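The steps above write the administration password to admin.pwd with cat and do not show the file being removed afterwards. The following is an added example, not part of the original guide: a shell wrapper that creates the password file readable only by its owner, refuses to use it otherwise, and deletes it once the wadm command returns. The function names are hypothetical, and placing --password-file directly after the subcommand assumes wadm accepts its options in any order, as the differing orders in the commands above suggest.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.

# make_pwfile DIR: read one line (the admin password) from stdin and write
# "wadm_password=<value>" to a new owner-only file in DIR; print its path.
make_pwfile() {
    pwfile=$(mktemp "$1/admin.pwd.XXXXXX") || return 1   # mktemp creates 0600
    chmod 600 "$pwfile"
    IFS= read -r pw || [ -n "$pw" ] || { rm -f "$pwfile"; return 1; }
    printf 'wadm_password=%s\n' "$pw" > "$pwfile"
    unset pw
    printf '%s\n' "$pwfile"
}

# pwfile_is_private FILE: succeed only for a regular, non-symlink file whose
# group and other permission bits are all clear (for example -rw-------).
pwfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# run_with_pwfile DIR CMD SUBCMD [ARGS...]: run
#   CMD SUBCMD --password-file=<new file> ARGS...
# with the password taken from stdin, then delete the file whatever CMD returns.
run_with_pwfile() {
    [ "$#" -ge 3 ] || return 2
    dir=$1 cmd=$2 sub=$3
    shift 3
    pwfile=$(make_pwfile "$dir") || return 1
    rc=0
    if pwfile_is_private "$pwfile"; then
        "$cmd" "$sub" --password-file="$pwfile" "$@" || rc=$?
    else
        rc=1
    fi
    rm -f "$pwfile"
    return "$rc"
}

# Usage with a command from this page (password entered on stdin):
#   cd /opt/SUNWwbsvr/bin
#   run_with_pwfile /export/da80adm ./wadm list-certs --user=admin \
#       --config=da-2.example.com --token=internal --cert-type=server
```

When the password is typed at a terminal, run stty -echo before the call and stty echo after it so the value is not displayed.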