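Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Generating a Self-Signed Certificate

You need to generate certificates for SSL communication between each server and the gateway.

Procedure: Generating a Self-Signed Certificate After Installation

  1. As superuser, run the certadmin script on the gateway machine for which you want to generate a certificate: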


    portal-server-install-root/SUNWportal/bin/certadmin -n gateway-profile-name
    

    The certificate administration menu is displayed.


    1) Generate Self-Signed Certificate
    2) Generate Certificate Signing Request (CSR)
    3) Add Root CA Certificate
    4) Install Certificate From Certificate Authority (CA)
    5) Delete Certificate
    6) Modify Trust Attributes of Certificate (e.g., for PDC)
    7) List Root CA Certificates
    8) List All Certificates
    9) Print Certificate Content
    10) Quit
    choice: [10]
    1
    
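  2. Select option 1 on the certificate administration menu.

    The certificate administration script asks whether you want to keep the existing database files.

  3. Enter the organization-specific information, the token name, and the certificate name.


    Note –

    For a wildcard certificate, specify a * in the fully-qualified DNS name of the host. For example, if the fully-qualified DNS name of the host is abc.sesta.com, specify it as *.sesta.com. The generated certificate is then valid for all host names in the sesta.com domain.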



    What is the fully-qualified DNS name of this host? [host_name.domain_name]
    What is the name of your organization (ex: Company)? []
    What is the name of your organizational unit (ex: division)? []
    What is the name of your City or Locality? []
    What is the name (no abbreviation please) of your State or Province? []
    What is the two-letter country code for this unit? []
    Token name is needed only if you are not using the default internal 
    (software) cryptographic module, for example, if you want to use a crypto card 
    (Token names could be listed using:
    modutil -dbdir /etc/opt/SUNWportal/cert/gateway-profile-name -list);
    Otherwise, just hit Return below.
    Please enter the token name. []
    Enter the name you like for this certificate?
    Enter the validity period for the certificate (months) [6]
    A self-signed certificate is generated and the prompt returns.

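    The token name (empty by default) and the certificate name are stored in the .nickname file under /etc/opt/SUNWportal/cert/gateway-profile-name.

  4. Restart the gateway for the certificate to take effect: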


    ./psadmin start-sra-instance -u amadmin -f passwordfile -N profilename -t gateway
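
The wildcard note in step 3, as an added example that is not part of the original guide: a shell function that applies the left-most-label matching rule commonly used by TLS clients (RFC 6125) to show which host names a certificate issued for *.sesta.com covers. The function names and every sample host name other than abc.sesta.com are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the guide. Assumption: the client checks the
# certificate name with the left-most-label wildcard rule (RFC 6125).

# cert_name_matches CERT_NAME HOST -> status 0 if HOST is covered, else 1.
cert_name_matches() {
    pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')    # DNS names are case-insensitive
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    host=${host%.}                              # ignore a trailing root dot
    case $pat in
        \*.*)
            suffix=${pat#\*}                    # "*.sesta.com" -> ".sesta.com"
            case $suffix in *\**) return 1 ;; esac   # only one wildcard allowed
            case $host in
                *"$suffix") ;;                  # host must end in the suffix
                *) return 1 ;;
            esac
            label=${host%"$suffix"}             # what the "*" stands for
            [ -n "$label" ] || return 1         # the bare domain is not covered
            case $label in *.*) return 1 ;; esac     # exactly one label, no dots
            return 0
            ;;
        *\**)
            return 1 ;;                         # wildcard outside the first label
        *)
            [ "$pat" = "$host" ] ;;             # no wildcard: exact match only
    esac
}

# covered_hosts CERT_NAME HOST... -> prints the covered hosts, space-separated.
covered_hosts() {
    cn=$1; shift
    out=
    for h in "$@"; do
        if cert_name_matches "$cn" "$h"; then out="${out:+$out }$h"; fi
    done
    printf '%s\n' "$out"
}

# Constructed host names: only single-label names under sesta.com are covered.
covered_hosts '*.sesta.com' abc.sesta.com sesta.com mail.eu.sesta.com gw.sesta.com
```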