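Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Generating Self-Signed Certificates

You need to generate a certificate for SSL communication between each server and the gateway.

Procedure: Generating a Self-Signed Certificate After Installation

  1. As superuser, run the certadmin script on the gateway machine on which you want to generate the certificate: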


    portal-server-install-root/SUNWportal/bin/certadmin -n gateway-profile-name
    

    The certificate administration menu is displayed.


    1) Generate Self-Signed Certificate
    2) Generate Certificate Signing Request (CSR)
    3) Add Root CA Certificate
    4) Install Certificate From Certificate Authority (CA)
    5) Delete Certificate
    6) Modify Trust Attributes of Certificate (e.g., for PDC)
    7) List Root CA Certificates
    8) List All Certificates
    9) Print Certificate Content
    10) Quit
    choice: [10]
    1
    
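  2. Select option 1 on the certificate administration menu.

    The certificate administration script asks whether you want to keep the existing database files.

  3. Enter the organization-specific information, the token name, and the certificate name.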


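    Note –

    For a wildcard certificate, specify an * in the fully-qualified DNS name of the host. For example, if the fully-qualified DNS name of the host is abc.sesta.com, specify it as *.sesta.com. The generated certificate is now valid for all host names in the sesta.com domain.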



    What is the fully-qualified DNS name of this host? [host_name.domain_name]
    What is the name of your organization (ex: Company)? []
    What is the name of your organizational unit (ex: division)? []
    What is the name of your City or Locality? []
    What is the name (no abbreviation please) of your State or Province? []
    What is the two-letter country code for this unit? []
    Token name is needed only if you are not using the default internal 
    (software) cryptographic module, for example, if you want to use a crypto card 
    (Token names could be listed using:
    modutil -dbdir /etc/opt/SUNWportal/cert/gateway-profile-name -list);
    Otherwise, just hit Return below.
    Please enter the token name. []
    Enter the name you like for this certificate?
    Enter the validity period for the certificate (months) [6]
    A self-signed certificate is generated and the prompt returns.

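    The token name (blank by default) and the certificate name are stored in the .nickname file under /etc/opt/SUNWportal/cert/gateway-profile-name.

  4. Restart the gateway for the certificate to take effect: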


    ./psadmin start-sra-instance -u amadmin -f passwordfile -N profilename -t gateway
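
The note in step 3 describes a wildcard name such as *.sesta.com. The following added example (not part of the original guide or of the product) shows which host names such a certificate name covers, assuming clients apply RFC 6125-style matching, where the wildcard stands for exactly one left-most label. The function names and the sample host names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the guide: which host names a certificate name
# covers under RFC 6125-style matching (assumed client behaviour).
# covers PATTERN HOST -> exit status 0 if HOST is covered, 1 otherwise.
covers() {
    # Host names are case-insensitive; drop a trailing root dot.
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); pattern=${pattern%.}
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z'); host=${host%.}
    [ -n "$pattern" ] && [ -n "$host" ] || return 1

    case $pattern in
        '*.'*)
            suffix=${pattern#'*.'}      # e.g. sesta.com
            case $suffix in
                ''|*'*'*) return 1 ;;   # only one wildcard, as the whole left-most label
            esac
            case $host in
                *".$suffix") label=${host%".$suffix"} ;;
                *) return 1 ;;          # other domain, or the bare domain itself
            esac
            # The wildcard stands for exactly one non-empty label.
            case $label in
                ''|*.*) return 1 ;;
            esac
            return 0 ;;
        *'*'*) return 1 ;;              # wildcard anywhere else in the name: reject
        *) [ "$pattern" = "$host" ] ;;  # no wildcard: exact match only
    esac
}

# Constructed host names checked against the wildcard name from the note.
report() {
    for h in abc.sesta.com ABC.Sesta.Com gw.sesta.com sesta.com \
             a.b.sesta.com abc.sesta.com.example.net; do
        if covers "$1" "$h"; then
            echo "covered      $h"
        else
            echo "NOT covered  $h"
        fi
    done
}

report '*.sesta.com'
```

Under this assumption the bare domain sesta.com and names more than one label deep, such as a.b.sesta.com, need their own certificate names.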