Chapter 6 Post-Installation of Policy Agent 2.2 for Sun Java System Web Server 7.0
This chapter describes the post-installation configuration steps for Policy Agent 2.2 for Sun Java System Web Server 7.0, specifically the configuration of SSL with the agent. After completing
the applicable tasks described in this chapter, perform the tasks to configure
the web agent to your site's specific needs as explained in Chapter 7, Managing Policy Agent 2.2 for Sun Java System Web Server 7.0.
Using SSL With Agent for Sun Java System Web Server 7.0
During installation, if you choose the HTTPS protocol, Agent for Sun Java System Web Server 7.0 is
automatically configured and ready to communicate over Secure Sockets Layer
(SSL). Before proceeding with tasks in this section, ensure that the Sun Java System Web Server 7.0 instance
is configured for SSL.

Caution – You should have a solid understanding of SSL concepts and the
security certificates required to enable communication over the HTTPS protocol.
See the documentation for Sun Java System Web Server 7.0.
To Configure Notification on Agent for Sun Java System Web Server 7.0 for SSL
If Sun Java System Web Server 7.0 is running
in SSL mode and is receiving notifications, first perform the following broadly
defined steps:
- Add the Sun Java System Web Server 7.0 certificate’s root CA certificate
to the Access Manager’s certificate database.
- Mark the CA root certificate as trusted to enable Access Manager to
successfully send notifications to Agent for Sun Java System Web Server 7.0.
Default Trust Behavior of Agent for Sun Java System Web Server 7.0
This section only applies when Access Manager itself is running
SSL. By default, the web agent installed on a remote Sun Java System Web Server 7.0 instance
trusts any server certificate presented over SSL by the Access Manager host.
The web agent does not check the root Certificate Authority (CA) certificate.
If the Access Manager host is SSL-enabled and you want the agent to perform
certificate checking, adhere to the guidelines as described in the following
subsections:
Disabling the Default Trust Behavior of Agent for Sun Java System Web Server 7.0
The following property in the web agent AMAgent.properties configuration
file controls the agent’s trust behavior, and by default it is set to true:
com.sun.am.trust_server_certs
To Disable the Default Trust Behavior of Agent for Sun Java System Web Server 7.0
With the property com.sun.am.trust_server_certs set
to true, the web agent does not perform certificate checking.
Setting this property to false is one of the steps involved in
enabling the web agent to perform certificate checking as illustrated in the
following task.
- Set the following property in the web agent AMAgent.properties configuration file to false as follows:
com.sun.am.trust_server_certs = false
- Set the Cert DB directory in the web agent AMAgent.properties configuration file.
The following is a UNIX-based example of how to set this property:
com.sun.am.sslcert.dir = /opt/SUNWam/servers/alias
- Set the Cert DB Prefix, if required.
In cases where the specified Cert DB directory has multiple certificate databases, the following
property must be set to the prefix of the certificate database to be used:
com.sun.am.certdb.prefix
Set the property as follows:
com.sun.am.certdb.prefix = https-host.domain.com.host-
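The three settings from this task can be audited mechanically, which helps catch agents still running with the default trust-everything behavior. The following Python check is an added example, not part of the original documentation or of the agent; the function names, the constructed sample content, and the NSS-style database file naming (`<prefix>cert8.db` and similar) are assumptions.

```python
import glob
import os

# Constructed sample of an AMAgent.properties fragment (not from a real host).
SAMPLE = """\
# agent SSL settings
com.sun.am.trust_server_certs = true
com.sun.am.sslcert.dir = /opt/SUNWam/servers/alias
"""

def parse_properties(text):
    """Parse simple 'key = value' lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def find_cert_dbs(cert_dir):
    # Assumption: NSS-style database files end in cert7.db, cert8.db or cert9.db.
    return sorted(glob.glob(os.path.join(cert_dir, "*cert[789].db")))

def audit_agent_trust(text, list_cert_dbs=find_cert_dbs):
    """Return findings for the three properties set in this task."""
    props = parse_properties(text)
    findings = []
    # The property defaults to true, so a missing key also means no checking.
    if props.get("com.sun.am.trust_server_certs", "true").lower() != "false":
        findings.append("trust_server_certs is true or unset: certificate checking is off")
    cert_dir = props.get("com.sun.am.sslcert.dir", "")
    if not cert_dir:
        findings.append("com.sun.am.sslcert.dir is not set")
        return findings
    dbs = list_cert_dbs(cert_dir)
    prefix = props.get("com.sun.am.certdb.prefix", "")
    if not dbs:
        findings.append("no certificate database found in " + cert_dir)
    elif len(dbs) > 1 and not prefix:
        findings.append("multiple certificate databases but com.sun.am.certdb.prefix is unset")
    elif prefix and not any(os.path.basename(p).startswith(prefix) for p in dbs):
        findings.append("no certificate database matches prefix " + prefix)
    return findings

if __name__ == "__main__":
    for finding in audit_agent_trust(SAMPLE):
        print("FINDING:", finding)
```

Run it against the real file by passing the file's contents as `text`; an empty result means all three settings are consistent with certificate checking being enabled.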
Installing the Access Manager Root CA Certificate for a Remote Sun Java System Web Server 7.0 Instance
The root CA certificate that you install on the remote instance of Sun Java System Web Server 7.0 must
be the same one that is installed on the Access Manager host.
To Install the Access Manager Root CA Certificate on Sun Java System Web Server 7.0
- For instructions on installing a root CA certificate, see the
documentation for Sun Java System Web Server 7.0.