Installation guide

Using Secure Sockets Layer (SSL) With an Agent

52 Sun ONE Identity Server Policy Agents 2.1 • Web Policy Agents Guide • April 2005

❍ cert-name can be any name for this root CA certificate.

❍ cert-dir is the directory where the certificate and key stores are located.

❍ cert-file is the base-64 encoded root CA certificate file.

For more information on the certutil utility, enter certutil -H for online

Help.

4. To verify that the certificate is properly installed, at the command line, enter

the following:

# ./certutil -L -d .

Trust database information will be displayed including the name of the root

CA certificate you installed. See the following example.

To Install the CA Certificate on Domino Web Server

See the instructions for installing a CA Certificate in the documentation that comes

with the web server. Generally, this is done through the web server's

Administration console.

1. Go to the following directory:

Agent_Install_Dir/Agents/domino/utils

2. Add the same certificate that is installed on the web server that runs Identity

Server services into the existing certificate database. At the command line,

enter the following command:

certutil -A -n cert-name -t "C,C,C" -d cert-dir -i cert-file

Certificate Name Trust Attrubutes

cert-name C,C,C

p Valid peer

P Trusted peer (implies c)

c Valid CA

T Trusted CA to issue client certs (implies c)

C Trusted CA to certs(only server certs for ssl) (implies c)

u User cert

w Send warning