Importing the Root CA Certificate for Secure OpenSSO Rainbow Connections
By docteger on Dec 22, 2009
When configuring OpenSSO for a scenario that involves a secure connection (SSL or LDAPS) and multiple JVMs, you need to import the root CA certificate into the JVM trust store (by default JAVA_HOME/jre/lib/security/cacerts) and restart the OpenSSO web container before performing any configurations. For example, to configure a second instance of OpenSSO in a defined Site (when the first instance of OpenSSO is SSL-enabled), the root Certificate Authority (CA) certificate for the first OpenSSO server certificate must be imported into the JVM key store of the web container in which the second instance of OpenSSO is deployed. (Restart the web container of the second instance after the import.) An example of a command to import a root CA certificate to this key store is:
keytool -import -v -alias alias -keystore JAVA_HOME/jre/lib/security/cacerts -storepass changeit -file CAcert.crt

Use the following command to verify that the root CA certificate was imported correctly.

keytool -list -keystore JAVA_HOME/jre/lib/security/cacerts -storepass changeit

Now enjoy a secure Rainbow Connection with Deborah Harry and Kermit the Frog.
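The import and verify steps above, wrapped as an added example (not code from the original post) that refuses to import a certificate file whose SHA-256 fingerprint differs from one obtained out of band, then confirms the stored entry by alias instead of reading the whole listing. The function names, the out-of-band fingerprint step and the throwaway self-signed certificate standing in for CAcert.crt are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: pin the root CA by SHA-256 fingerprint before importing it,
# then confirm the stored entry by alias. Function names are hypothetical.

# SHA-256 fingerprint of a certificate file, as printed by keytool.
cert_fingerprint() {
    keytool -printcert -file "$1" | grep 'SHA256:' | head -n 1 | sed 's/.*SHA256: *//'
}

# SHA-256 fingerprint of one trust store entry. Args: keystore storepass alias
store_fingerprint() {
    keytool -list -v -keystore "$1" -storepass "$2" -alias "$3" |
        grep 'SHA256:' | head -n 1 | sed 's/.*SHA256: *//'
}

# Import only if the file matches the fingerprint obtained out of band.
# Args: keystore storepass alias certfile expected_fingerprint
# Returns 0 on success, 2 on fingerprint mismatch, 3 if keytool fails.
import_root_ca() {
    local ks=$1 pass=$2 alias=$3 cert=$4 expected=$5
    if [ "$(cert_fingerprint "$cert")" != "$expected" ]; then
        echo "fingerprint mismatch for $cert; not importing" >&2
        return 2
    fi
    keytool -import -noprompt -alias "$alias" -keystore "$ks" \
        -storepass "$pass" -file "$cert" >/dev/null 2>&1 || return 3
    [ "$(store_fingerprint "$ks" "$pass" "$alias")" = "$expected" ]
}

# Constructed stand-in for CAcert.crt so the example runs offline: writes a
# throwaway self-signed certificate to DIR/ca.crt.
make_constructed_ca() {
    keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -validity 1 \
        -dname "CN=Constructed Demo Root CA" -keystore "$1/ca.ks" \
        -storepass changeit -keypass changeit >/dev/null 2>&1 &&
    keytool -exportcert -rfc -alias demo -keystore "$1/ca.ks" \
        -storepass changeit -file "$1/ca.crt" >/dev/null 2>&1
}
```

Against the real trust store, pass JAVA_HOME/jre/lib/security/cacerts as the keystore argument, then restart the web container as described above.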