Disabling the Default Trust Behavior of the Web Proxy Server 4.0.x Agent (Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Sun Java System Web Proxy Server 4.0.x)

Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Sun Java System Web Proxy Server 4.0.x

Previous: Configuring Notifications for the Web Proxy Server 4.0.x Agent for SSL
Next: Installing the OpenSSO Enterprise Root CA Certificate for a Remote Web Proxy Server 4.0.x Instance

Disabling the Default Trust Behavior of the Web Proxy Server 4.0.x Agent

This section applies only if OpenSSO Enterprise is using SSL. By default the Web Proxy Server 4.0.x agent does not perform certificate checking, because the following property in the agent's OpenSSOAgentBootstrap.properties configuration file is set to true:

com.sun.identity.agents.config.trust.server.certs = true

The agent trusts any server certificate sent over SSL by the OpenSSO Enterprise host. If you want the agent to perform certificate checking, follow this task.

To Disable the Default Trust Behavior of the Web Proxy Server 4.0.x Agent

Find the agent's OpenSSOAgentBootstrap.properties file. For example:

/opt/web_agents/proxy40_agent/Agent_001/config/OpenSSOAgentBootstrap.properties

In the OpenSSOAgentBootstrap.properties file, set the following property to false:
```
com.sun.identity.agents.config.trust.server.certs = false
```

In the OpenSSOAgentBootstrap.properties file, set the following SSL properties, depending on your specific deployment:
- com.sun.identity.agents.config.sslcert.dir is the directory containing the certificate database.
- com.sun.identity.agents.config.certdb.prefix is the certificate database prefix, if you have multiple certificate databases in the same directory.
- com.sun.identity.agents.config.certdb.password is the certificate database password.
- com.sun.identity.agents.config.certificate.alias is the alias.

Restart the Web Proxy Server 4.0.x instance.