Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

ProcedureTo Import the Certificate Authority Root Certificate into Web Server 2

The web policy agent on Protected Resource 2 connects to OpenSSO Enterprise through Load Balancer 2. The load balancer is SSL-enabled, so the agent must be able to trust the load balancer SSL certificate to establish the SSL connection. For this reason, import the root certificate of the Certificate Authority (CA) that issued the Load Balancer 2 SSL server certificate into the policy agent certificate store.

Before You Begin
  1. As a root user, log into the pr-2 host machine.

  2. Import ca.cer, the CA root certificate, into cacerts, the certificate store.

    # /opt/SUNWwbsvr/jdk/jre/bin/keytool -import -trustcacerts 
    -alias OpenSSLTestCA -file /export/software/ca.cer 
    -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts -storepass changeit
    Owner:, CN=OpenSSLTestCA, OU=Sun,
    O=Sun,L=Santa Clara, ST=California C=US
    Issuer:, CN=OpenSSLTestCA, OU=Sun,
    O=Sun,L=Santa Clara, ST=California C=US
    Serial number: f59cd13935f5f498
    Valid from: Thu Sep 20 11:14:51 PDT 2008 18 07:66:19 PDT 2006 
    until: Thu Jun 17 11:41:51 PDT 2010
    Certificate fingerprints:
    MD5: 78:7D:F0:04:8A:5B:5D:63:F5:EC:5B:21:14:9C:8A:B9
    SHA1: A4:27:8A:B0:45:7A:EE:16:31:DC:E5:32:46:61:9E:B8:A3:20:8C:BA
    Trust this certificate: [no] yes
    Certificate was added to keystore.
  3. Verify that ca.cer was imported.

    # /opt/SUNWwbsvr/jdk/jre/bin/keytool -list 
    -keystore /opt/SUNWwbsvr/jdk/jre/lib/security/cacerts 
    -storepass changeit | grep -i open
    openSSLTestCA, Sep 20, 2008, trustedCertEntry,
  4. Log out of the pr-2 host machine.