Configuring the Enterprise Tier to Trust the Gateway Tier
-
On the Gateway tier, export the keystore then copy it to the Enterprise tier.
-
Change to the config subdirectory in the Gateway tier Sun GlassFish Mobility Platform installation:
$ cd as-install/domains/domain-dir/config
-
Export the keystore to a file:
$ keytool -export -keystore keystore.jks -alias s1as -file tier1_sjsas.cer -storepass adminpass
-
Copy the exported keystore to the config subdirectory in the Enterprise tier Sun GlassFish Mobility Platform installation:
$ cp tier1_sjsas.cer /net/tier2-hostname/as-install/domains/domain-dir/config
In this case, as-install is the location where the Enterprise Server has been installed and domain-dir is the name of the Sun GlassFish Mobility Platform domain, usually mep.
-
-
On the Enterprise tier, import the keystore from the Gateway tier.
-
Change to the config subdirectory in the Enterprise tier Sun GlassFish Mobility Platform installation:
$ cd as-install/domains/domain-dir/config
-
Import the keystore that was exported from the Gateway tier:
$ keytool -import -keystore cacerts.jks -alias tier1_sjsas -file tier1_sjsas.cer -storepass adminpass -trustcacerts -noprompt
-
-
Stop then restart the Enterprise Server on the Enterprise tier to use the new security settings.
-
Stop the Enterprise Server:
$ asadmin stop-domain domain-dir
-
Restart the Enterprise Server:
$ asadmin start-domain domain-dir
-
There is a two-step process to configure trust between the Gateway tier and the Enterprise tier:
- © 2010, Oracle Corporation and/or its affiliates