During the agent installation, if you specified the HTTPS protocol, the Web Proxy Server 4.0.x agent should already be configured and ready to communicate using SSL. Before continuing with the following tasks, ensure that the Web Proxy Server 4.0.x instance is configured for SSL.
Configuring Notifications for the Web Proxy Server 4.0.x Agent for SSL
Disabling the Default Trust Behavior of the Web Proxy Server 4.0.x Agent
Installing the OpenSSO Enterprise Root CA Certificate for a Remote Web Proxy Server 4.0.x Instance
The Web Proxy Server 4.0.x instance must be running in SSL mode and receiving notifications.
Add the Web Proxy Server 4.0.x CA root certificate to the OpenSSO Enterprise certificate database.
Mark the CA root certificate as trusted to enable OpenSSO Enterprise to send notifications to the Web Proxy Server 4.0.x instance.
This section applies only if OpenSSO Enterprise is using SSL. By default, the Web Proxy Server 4.0.x agent does not perform certificate checking, because the following property in the agent's OpenSSOAgentBootstrap.properties configuration file is set to true:
com.sun.identity.agents.config.trust.server.certs = true
With this setting, the agent trusts any server certificate that the OpenSSO Enterprise host sends over SSL. If you want the agent to perform certificate checking, follow this task.
Find the agent's OpenSSOAgentBootstrap.properties file. For example:
/opt/web_agents/proxy40_agent/Agent_001/config/OpenSSOAgentBootstrap.properties
In the OpenSSOAgentBootstrap.properties file, set the following property to false:
com.sun.identity.agents.config.trust.server.certs = false
In the OpenSSOAgentBootstrap.properties file, set the following SSL properties, depending on your specific deployment:
com.sun.identity.agents.config.sslcert.dir is the directory containing the certificate database.
com.sun.identity.agents.config.certdb.prefix is the certificate database prefix, if you have multiple certificate databases in the same directory.
com.sun.identity.agents.config.certdb.password is the certificate database password.
com.sun.identity.agents.config.certificate.alias is the certificate alias.
Restart the Web Proxy Server 4.0.x instance.
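The following check is an added example, not part of the product documentation or the agent's own tooling. It reads an OpenSSOAgentBootstrap.properties file and reports whether the settings from this task are in place. The parsing rules ('#' comments, 'key = value' lines), the function names and the sample values are assumptions made for illustration.

```python
import os

PREFIX = "com.sun.identity.agents.config."
TRUST = PREFIX + "trust.server.certs"
# SSL properties listed in the task; which ones apply depends on the deployment.
SSL_PROPS = ("sslcert.dir", "certdb.prefix", "certdb.password", "certificate.alias")

def parse_properties(text):
    """Parse 'key = value' lines; blank lines and '#' comment lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(props, dir_exists=os.path.isdir):
    """Return (level, message) findings; property values are never echoed
    except the database directory, so the password stays out of the report."""
    findings = []
    trust = props.get(TRUST, "").lower()
    if trust != "false":
        findings.append(("FAIL", f"{TRUST} is {trust or '<unset>'}, not false: "
                                 "certificate checking is not enabled by this file"))
    for short in SSL_PROPS:
        value = props.get(PREFIX + short, "")
        if not value:
            findings.append(("WARN", f"{PREFIX + short} is empty or unset"))
        elif short == "sslcert.dir" and not dir_exists(value):
            findings.append(("FAIL", f"certificate database directory not found: {value}"))
    return findings

# Constructed samples, not taken from a real deployment.
SAMPLE_DEFAULT = """\
# agent bootstrap file as shipped (trusts any server certificate)
com.sun.identity.agents.config.trust.server.certs = true
com.sun.identity.agents.config.sslcert.dir =
"""
SAMPLE_CHECKING = """\
com.sun.identity.agents.config.trust.server.certs = false
com.sun.identity.agents.config.sslcert.dir = /example/certdb
com.sun.identity.agents.config.certdb.prefix = agent-
com.sun.identity.agents.config.certdb.password = example-only
com.sun.identity.agents.config.certificate.alias = example-ca
"""

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("checking", SAMPLE_CHECKING)):
        for level, msg in audit(parse_properties(text)):
            print(name, level, msg)
```

A WARN for com.sun.identity.agents.config.certdb.prefix can be ignored when the directory holds a single certificate database.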
The root CA certificate that you install on a remote Web Proxy Server 4.0.x instance must be the same one that is installed on the OpenSSO Enterprise host.
For the procedure to install a root CA certificate, see the Sun Java System Web Proxy Server 4.0.10 Administration Guide.