Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Installing SSL Certificates From the Certificate Authority

During the installation of the Gateway, a self-signed certificate is created and installed by default. At any point after installation, you can install SSL certificates signed by vendors who provide official certificate authority (CA) services, or by your corporate CA.

The three steps involved in this task are:

Ordering a Certificate from a CA

After generating a certificate signing request (CSR), you need to order the certificate from the CA using that CSR.

Procedure: To Order a Certificate From a CA

  1. Go to the Certificate Authority’s web site and order your certificate.

  2. Provide the CSR as requested by the CA. Provide other information if requested by the CA.

    You will receive your certificate from the CA. Save it in a file. Include the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines with the certificate in the file.

    The following example omits the actual certificate data.


    -----BEGIN CERTIFICATE-----
    The certificate contents...
    -----END CERTIFICATE-----
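The following pre-install check is an added example, not part of the original guide or of the certadmin tooling. It verifies that a saved CA reply has exact "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and a complete base64 body. The function names are hypothetical, the sample is a constructed placeholder rather than a real certificate, and the check is structural only (it does not validate the X.509 content or the chain).

```python
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_total_length(der: bytes) -> int:
    """Size (header included) declared by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("body does not start with a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: length in one byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    if not 1 <= n <= 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_ca_reply(text: str) -> list:
    """Return the DER bytes of each certificate block, or raise ValueError."""
    certs, body = [], None                 # body is None while outside a block
    for raw in text.splitlines():
        line = raw.strip()
        if line == BEGIN:
            if body is not None:
                raise ValueError("BEGIN line inside an open block")
            body = []
        elif line == END:
            if body is None:
                raise ValueError("END line without a BEGIN line")
            try:
                der = base64.b64decode("".join(body), validate=True)
            except binascii.Error as exc:
                raise ValueError(f"certificate body is not valid base64: {exc}")
            if der_total_length(der) != len(der):
                raise ValueError("certificate body is truncated or has extra data")
            certs.append(der)
            body = None
        elif line.startswith("-"):         # e.g. four dashes instead of five
            raise ValueError(f"malformed delimiter line: {line!r}")
        elif body is not None:
            body.append(line)
    if body is not None:
        raise ValueError("BEGIN line without a matching END line")
    if not certs:
        raise ValueError("no certificate block found")
    return certs

# Constructed placeholder (a DER SEQUENCE holding INTEGER 5), not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020105")
SAMPLE = f"{BEGIN}\n{base64.b64encode(SAMPLE_DER).decode()}\n{END}\n"
```

A file that fails this check was most likely damaged when the CA reply was copied or saved, so save it again from the CA's response before running certadmin.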

Installing a Certificate from a CA

Using the certadmin script, install the certificate obtained from the CA in your local database files in /etc/opt/SUNWportal/cert/gateway-profile-name.

Procedure: To Install a Certificate From a CA

  1. As root, run the certadmin script.


    portal-server-install-root/SUNWportal/bin/certadmin -n gateway-profile-name
    

    The certificate administration menu is displayed.


    1) Generate Self-Signed Certificate
    2) Generate Certificate Signing Request (CSR)
    3) Add Root CA Certificate
    4) Install Certificate From Certificate Authority (CA)
    5) Delete Certificate
    6) Modify Trust Attributes of Certificate (e.g., for PDC)
    7) List Root CA Certificates
    8) List All Certificates
    9) Print Certificate Content
    10)Quit
    choice: [10]
    4
    
  2. Choose option 4 on the certificate administration menu.

    The script asks you to enter the certificate file name, certificate name, and the token name.


    What is the name (including path) of file that contains the certificate?
    Please enter the token name you used when creating CSR for this certificate. []
  3. Supply all the required information.

    The certificate is installed in /etc/opt/SUNWportal/cert/gateway-profile-name, and the screen prompt returns.

  4. Restart the Gateway for the certificate to take effect:


    ./psadmin start-sra-instance -u amadmin -f passwordfile -N profilename -t gateway