Establishing Secure Service

You can quickly and easily provide secure service with Web Access installations. You do so by enabling the Secure Socket Layer (SSL) feature of the Java Web Server. For requirements and a step-by-step procedure, see "Using Secure Sockets Layer (SSL) with Java Web Server," at the following URL (assuming Sun Web Access 1.0 and the Java Web Server have been installed and are running):

http://<hostname>:8080/system/doc/security/ssl.html

This procedure shows you how to store server credentials in the key repository. Once server credentials are stored in the key repository, the Java Web Server will prompt the site administrator for a passphrase in order to gain access to the repository. By default, the server attempts to open a dialogue box using an X11 display at ":0". If the server is unable to open this dialogue box, server start-up will fail.

For sites that require hands-off restart ability

WA_ARGS=$WA_ARGS "-passfile"

#chown root /opt/SUNWjeev/keys.passphrase 

#chmod 600 /opt/SUNWjeev/keys.passphrase

---

Note - You must perform step 3 to protect the passphrase.

---

For sites that require secure login

You can also configure Web Access services to require that users log in using secure connections only. Web Access provides a simple mechanism for enforcing this policy:

/opt/SUNWwa/properties/realm.Sims.properties

SimsAuth.sslRequired=<yes|no>

#/etc/rc3.d/K89webaccess stop

#/etc/rc3.d/S89webaccess start

You also can use the SIMS Administration Console to configure the "Document Root Directory" such that the Secure Web Service has exclusive access to the following Web Access directory:

/opt/SUNWwa/public_html/WebAccess

To do so, see the Java Web Server documentation.