Installation guide

Using Secure Sockets Layer (SSL) with an Agent
Chapter 3 Policy Agents on Microsoft Windows 85
The Agent’s Default Trust Behavior
This section only applies when Identity Server itself is running SSL. By default, the
policy agent installed on a supported web server will trust any server certificate
presented over SSL by the web server that runs Sun ONE Identity Server; the agent
does not check the root Certificate Authority (CA) certificate. If the web server that
runs Sun ONE Identity Server is SSL-enabled, and you want the policy agent to
perform certificate-checking, you must do two things:
1. Disable the agent’s default trust behavior.
2. Install a root CA certificate on the remote web server where the agent is
installed. The root CA certificate must be the same one that is installed on the
web server that runs Sun ONE Identity Server.
Disabling the Agent’s Default Trust Behavior
The following property exists in the AMAgent.properties file, and by default it is
set to true:
com.sun.am.trustServerCerts=true
This means that the agent does not perform certificate checking.
To Disable the Default Behavior
The following property must be set to false:
com.sun.am.trustServerCerts=false
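As an added example (not part of the original guide or of the product), the following Python check reads an AMAgent.properties file and reports whether the default trust behavior has actually been disabled. It assumes key=value lines with # or ! comment lines and that a later assignment of the same key overrides an earlier one; the function names and the sample file contents are constructed for illustration.

```python
import sys

KEY = "com.sun.am.trustServerCerts"

# Constructed sample: the secure line is commented out, so the live value is true.
SAMPLE = """\
# AMAgent.properties (constructed sample, not from a real installation)
#com.sun.am.trustServerCerts=false
com.sun.am.trustServerCerts = true
"""

def effective_value(text, key=KEY):
    """Return the last uncommented value assigned to key, or None if unset."""
    value = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # skip blank lines and comments
            continue
        name, sep, val = line.partition("=")
        if sep and name.strip() == key:
            value = val.strip()  # assumption: a later assignment overrides an earlier one
    return value

def audit(text):
    """Return (status, reason) for the agent's server-certificate trust setting."""
    value = effective_value(text)
    if value is None:
        return ("FAIL", "property not set; the documented default is true")
    if value == "false":
        return ("OK", "agent checks the Identity Server certificate")
    # Anything other than the documented literal is flagged for manual review.
    return ("FAIL", "value %r is not the documented literal false" % value)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to the agent's AMAgent.properties, supplied by the operator.
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE
    status, reason = audit(content)
    print("%s: %s=%r (%s)" % (status, KEY, effective_value(content), reason))
    sys.exit(0 if status == "OK" else 1)
```

Run it with the path to AMAgent.properties as the only argument; the exit code is nonzero whenever the agent would still trust any server certificate.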
Installing the Identity Server Root CA Certificate
on the Agent Web Server
The root CA certificate that you install on the web server the agent protects must be
the same one that is installed on the web server that runs Sun ONE Identity Server.
Installing the Root CA Certificate on Sun ONE Web Server
See the instructions for installing a root CA Certificate in the documentation that
comes with the web server. Generally, this is done through the web server’s
Administration console. Access the documentation for Sun ONE Web Server 6.0 on
the Internet at the following URL:
http://docs.sun.com/source/816-5682-10/esecurty.htm#1011961