This blog entry is two years old. You can do this with the OpenSSO configurator now when you deploy the WAR.
I found this procedure internally and I thought it might help some externally. The engineer was configuring OpenSSO to communicate with an SSL data store.
Set up your data store with SSL enabled.
Import a root certificate for your data store to the web container using the following command:
JAVA_HOME/bin/keytool -import -keystore keystore_file_name -keyalg RSA -trustcacerts -alias alias_name -storepass changeit -file certificate_file_name
For Sun Application Server 9.1, keystore_file_name in the default domain1 is /opt/SUNWappserver/domains/domain1/config/cacerts.jks
For Sun Web Server 7.0U1, keystore_file_name is /usr/jdk/entsys-j2se/jre/lib/security/cacerts
Restart the web container.
When running the WAR configurator, you can't point to the SSL port, so you must point to the non-SSL port.
Log in to the administration console as the administrator (amadmin by default).
Create a new data store configuration or edit the existing one.
Click the Data Stores tab for the appropriate realm under the Access Control tab. Be sure to enable the following two attributes:
LDAP Server must have the host name and SSL port of the SSL data store.
LDAP SSL must be checked.
Create a new User that points to the SSL port of the data store.
Click the Directory Configuration tab after choosing the appropriate Server under the Sites and Servers tab, located under the Configuration tab. Select New... under User and configure the user so that it points to the SSL port.
Delete the default non-SSL user and save.
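A pre-flight check for the steps above, as an added example that is not part of the original procedure: it confirms the imported alias is a trusted CA entry in the web container's keystore and that the data store's SSL port presents a chain that verifies against the same root certificate. The function names, the ds-root alias and the host and file names in the usage comment are assumptions, and the openssl CLI (1.1.0 or later for -no-CApath) is a tool the original post does not use.

```shell
#!/bin/sh
# Added example, not from the original post. All host names, aliases and
# paths passed to these functions are supplied by the caller.

# check_alias KEYSTORE STOREPASS ALIAS
# Succeeds only if ALIAS is present in KEYSTORE as a trusted CA entry
# (a key pair stored under the same alias would not count).
check_alias() {
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null |
        grep -q 'trustedCertEntry'
}

# check_ldaps HOST PORT CA_PEM
# Succeeds only if the chain served on HOST:PORT verifies against CA_PEM.
# -no-CApath keeps the system CA directory out of the decision, so a pass
# means the imported root itself anchors the directory's certificate.
check_ldaps() {
    openssl s_client -connect "$1:$2" -CAfile "$3" -no-CApath \
        </dev/null 2>/dev/null |
        grep -q 'Verify return code: 0 (ok)'
}

# ready_for_ssl KEYSTORE STOREPASS ALIAS HOST PORT CA_PEM
# Returns 0 when both checks pass, 1 when the alias is missing from the
# keystore, 2 when the directory's chain does not verify.
ready_for_ssl() {
    check_alias "$1" "$2" "$3" || {
        echo "alias '$3' is not a trusted CA entry in $1" >&2
        return 1
    }
    check_ldaps "$4" "$5" "$6" || {
        echo "$4:$5 does not verify against $6" >&2
        return 2
    }
    echo "keystore and $4:$5 agree on the root certificate"
}

# Usage (placeholder values):
#   ready_for_ssl /opt/SUNWappserver/domains/domain1/config/cacerts.jks \
#       changeit ds-root ds.example.com 636 root.pem
```

Run it after restarting the web container and before checking LDAP SSL in the console; a return code of 2 usually means the wrong certificate was imported or the port is not the SSL port.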
And now OpenSSO is configured to communicate with a secure directory. In celebration here's another type of communication: Telecommunication, live by A Flock of Seagulls.