Importing the DAS Certificate
The Enterprise Server installation program performs the following tasks for you.
-
Imports the DAS certificate by copying sjsas.crt to the apache-install-dir/conf/ssl.crt directory.
-
Appends the following lines to apache-install-dir/conf/extra/httpd-ssl.conf in Apache 2.2.x or to apache-install-dir/conf/httpd.conf in Apache 2.0.x.
<Location /lbconfigupdate> SSLVerifyClient require SSLVerifyDepth 1 SSLRequireSSL SSLCACertificateFile apache-install-dir//conf/ssl.crt/sjsas.crt SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ and %{SSL_CLIENT_S_DN_O} eq "Sun Microsystems" \ and %{SSL_CLIENT_S_DN_OU} eq "Sun GlassFish Enterprise Server" \ and %{SSL_CLIENT_M_SERIAL} eq "<serial_number>" ) </Location> <Location /getmonitordata> SSLVerifyClient require SSLVerifyDepth 1 SSLRequireSSL SSLCACertificateFile apache-install-dir/conf/ssl.crt/sjsas.crt SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ and %{SSL_CLIENT_S_DN_O} eq "Sun Microsystems" \ and %{SSL_CLIENT_S_DN_OU} eq "Sun GlassFish Enterprise Server" \ and %{SSL_CLIENT_M_SERIAL} eq <serial_number> ) </Location>
Note –For Apache 2.2.x, ensure that the line, Include conf/extra/httpd-ssl.conf is uncommented in the apache-install-dir/conf/httpd.conf file.
The value for serial-number needs to be generated from the DAS certificate file. Use the following command for generating the serial-number: keytool -printcert -file sjsas.crt. Change all lowercase characters to upper case in the output of this command and use it as the serial-number. This command will also print the name of the application server you are using.
- © 2010, Oracle Corporation and/or its affiliates