Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Apache HTTP Server 2.2.x

ProcedureTo Install the Oracle OpenSSO Root CA Certificate on the Apache HTTP Server Instance

  1. Obtain the root CA certificate file that is installed on the Oracle OpenSSO host server.

  2. On the Apache HTTP Server instance, locate the certutil utility.

    After you unzip the Apache HTTP Server agent distribution file, certutil is available in the PolicyAgent-base/bin directory.

    For example: /opt/web_agents/apache22_agent/bin/certutil

  3. Before you use certutil, set the LD_LIBRARY_PATH environment variable to the location of the certutil library files.

    After you unzip the Apache HTTP Server agent distribution file, these library files are available in the PolicyAgent-base/lib directory.

    For example: /opt/web_agents/apache22_agent/lib

  4. If necessary, create the certificate database using certutil. For example:

    # cd /opt/web_agents/apache22_agent/bin
    # mkdir /opt/apache-2.2.11/conf/certdb
    # ./certutil -N -d /opt/apache-2.2.11/conf/certdb
  5. Install the Oracle OpenSSO root CA certificate using certutil. For example:

    # ./certutil -A -n cert-name -t "C,C,C" -d /opt/apache-2.2.11/conf/certdb -i cert-request-file


    • cert-name is the name of the Oracle OpenSSO root CA certificate.

    • cert-request-file is the binary root CA certificate request file.

  6. To verify that the root CA certificate is installed correctly, use certutil with the -L option. For example:

    # ./certutil -L -d /opt/apache-2.2.11/conf/certdb

    You should see the name of the root CA certificate.

  7. Restart the Apache HTTP Server instance.