Installation guide

Using Secure Sockets Layer (SSL) with an Agent
Chapter 4 Policy Agents on Red Hat, SuSE, and Debian Linux 123
com.sun.am.trustServerCerts=false
Installing the Root CA Certificate on the Remote Web Server
The root CA certificate that you install on the remote web server must be the same
as the one installed on the web server that runs Sun ONE Identity Server.
To Install the Root CA Certificate
You can use the certutil program to install the root CA certificate on the Apache
web server.
1. In C shell, at the command line, enter the following commands (assuming
/etc/httpd/apache is the directory where the Apache config file is located):
# cd /etc/apache/cert
# setenv LD_LIBRARY_PATH /Agent_Install_Dir/agents/apache/lib:/Agent_Install_Dir/agents/lib:/usr/lib/mps
2. Create the necessary certificate database if you have not already done so.
# /Agent_Install_Dir/agents/apache/cert/certutil -N -d .
3. Install root CA certificate.
# /Agent_Install_Dir/agents/apache/cert/certutil -A -n cert-name -t "C,C,C" -d cert-dir -i cert-file
In the commands above, the variables represent the following:
cert-name can be any name for this root CA certificate.
cert-dir is the directory where the certificate and key stores are located.
cert-file is the base-64 encoded root CA certificate file.
For more information on the certutil utility, enter certutil -H for online
Help.
4. To verify that the certificate is properly installed, at the command line, enter
the following:
# ./certutil -L -d .
Trust database information will include the name of the root CA certificate you
installed. Example:
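The check in step 4 can also be scripted. The following is an added example, not part of the original guide, written for POSIX sh rather than the C shell used in the steps above. The function name ca_trusted_for_ssl, the sample listing and its nicknames are constructed for illustration, and the script assumes each listing line ends with the three-field trust column.

```shell
#!/bin/sh
# Added example: confirm that a root CA nickname appears in `certutil -L`
# output with the "C" (trusted CA) flag in the SSL trust field.

# Constructed sample of `certutil -L -d .` output; nicknames are placeholders.
sample_listing() {
cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Example Root CA                                              C,C,C
Old Test CA                                                  ,,
Server-Cert                                                  u,u,u
EOF
}

# ca_trusted_for_ssl NICKNAME   (hypothetical helper, reads a listing on stdin)
# Returns 0 if NICKNAME is listed and its SSL trust field contains "C",
#         1 if it is listed without that flag,
#         2 if the nickname is not in the listing at all.
ca_trusted_for_ssl() {
    awk -v want="$1" '
        # Data lines end in a trust triple such as C,C,C or ,, or CT,C,C.
        # Header lines do not match (no commas, or a "/" in the last field).
        $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            flags = $NF
            name = $0
            sub(/[ \t]+[A-Za-z,]*$/, "", name)  # strip the trust column
            sub(/^[ \t]+/, "", name)            # strip leading indentation
            if (name == want) {
                split(flags, f, ",")            # f[1] is the SSL trust field
                found = 1
                ok = (f[1] ~ /C/)
            }
        }
        END { if (!found) exit 2; exit (ok ? 0 : 1) }
    '
}

# Run against the constructed sample; on a real system pipe in
# the output of `./certutil -L -d .` instead.
sample_listing | ca_trusted_for_ssl "Example Root CA" && echo "trusted for SSL"
```

A return value of 1 means the certificate was imported without the trust string given in step 3, and 2 means the import did not reach this database.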