Prerequisite configuration

Prior to using Trust Protection Platform to manage certificates on iPlanet servers, you should complete the following:

  1. Ensure the PK12util and Certutil utilities are installed.

    PK12util and Certutil are installed by default with a standard iPlanet install. You will need the path to both of these utilities when you configure the iPlanet Application object in Policy Tree. For more information on these utilities, refer to your iPlanet documentation.

  2. If you plan to use SQLite, ensure that NSS 3.12 or newer is installed on the target server.

    This is because support for SQLite was added in NSS version 3.12. For more information, see Certificate Database Type.

    For NSS 3.35 or newer, the Berkeley DB is not supported. Use the default SQLite database instead. For more information, see https://wiki.mozilla.org/NSS_SQLite-based_DB.

    IMPORTANT  The Venafi iPlanet driver does not support conversion of keystore databases to other formats. If you are provisioning to an existing database, the Certificate Database Type must match the format of the existing database. If the setting does not match the existing format, provisioning will fail. For example, if you have an existing Berkeley database and you change the application object setting to SQLite, provisioning will fail.

  3. Create a Trust Database.

    In iPlanet Web Server, each server instance has its own certificate/key pair. The certificate/key pair is referred to as a Trust Database. The Trust Database should be created only on your local machine. Virtual servers are covered by the Trust Database created for their server instance.

    In the Trust Database, you create and store the public and private keys in a file referred to as your key-pair file. The certificate is stored in the Trust Database after installation.

    For information on creating the Trust Database, refer to your iPlanet web server documentation.

  4. Grant execute permissions to the Certutil and PK12util executables in the CLASS_PATH.

    Grant the following permissions to the user account that Trust Protection Platform uses to authenticate with the keystore:

    • Read and write access to the certificate database (Trust Database) where Trust Protection Platform installs the certificate, private key, and root certificate chain files. The certificate database is defined in the iPlanet Application object. For more information, see Creating an Oracle iPlanet application object.
    • Read and write access to the Temp Directory defined in the Device object. For more information on the Device object configuration, see Creating a device object in the Policy Tree. The user account must be an owner of the keystore.

  5. Activate SSL and set your encryption preferences for the iPlanet web server.

    For information on activating SSL and setting your encryption preferences, refer to your iPlanet web server documentation.

  6. Open the SSH port.

    Trust Protection Platform uses the Secure Shell (SSH) protocol to manage certificates on iPlanet web servers; therefore, Trust Protection Platform must have access to the web server’s SSH port. The default SSH port is port 22.

  7. In the Policy Tree, create a server object for the server where the iPlanet web server is installed.

    For more information, see Creating a device object in the Policy Tree.

  8. In the Policy Tree, create and configure an iPlanet application object.

    For more information on creating Application objects, see Creating an application. For details on the object’s settings, see Creating an Oracle iPlanet application object.

  9. In the Policy Tree, associate the iPlanet Application object with the certificates stored in the keystore.

    For more information, see Associating a certificate with an application from the certificate object.
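
A pre-flight check for steps 1, 2 and 4, as an added example that is not Venafi or iPlanet code: run on the target server, it confirms that both utilities are executable, that the database and temp directories are readable and writable by the current account, and that the on-disk NSS format matches the intended Certificate Database Type. It assumes the standard NSS file names (cert9.db and key4.db for SQLite, cert8.db and key3.db for Berkeley DB); the function names and argument order are hypothetical.

```shell
#!/bin/sh
# Added example, not Venafi or iPlanet code. Function names are hypothetical.

# Print the NSS database format found in directory $1:
#   sqlite   = cert9.db + key4.db (NSS 3.12 or newer)
#   berkeley = cert8.db + key3.db (legacy DBM)
#   both / none when the directory is ambiguous or holds no database.
nss_db_format() (
    dir=$1 has_sql=0 has_dbm=0
    [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ] && has_sql=1
    [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ] && has_dbm=1
    case "$has_sql$has_dbm" in
        10) echo sqlite ;;
        01) echo berkeley ;;
        11) echo both ;;
        *)  echo none ;;
    esac
)

# preflight DB_DIR EXPECTED_TYPE TEMP_DIR CERTUTIL_PATH PK12UTIL_PATH
# EXPECTED_TYPE is sqlite or berkeley. Run as the account used for SSH.
# Exit status 0 when every check passes, 1 otherwise.
preflight() (
    db_dir=$1 expected=$2 tmp_dir=$3 certutil=$4 pk12util=$5 rc=0
    for tool in "$certutil" "$pk12util"; do
        [ -x "$tool" ] || { echo "FAIL: not executable: $tool"; rc=1; }
    done
    for d in "$db_dir" "$tmp_dir"; do
        { [ -r "$d" ] && [ -w "$d" ]; } ||
            { echo "FAIL: no read/write access: $d"; rc=1; }
    done
    found=$(nss_db_format "$db_dir")
    case "$found" in
        none) echo "NOTE: no NSS database in $db_dir (see step 3)" ;;
        "$expected") echo "OK: existing database format is $found" ;;
        *) echo "FAIL: database is $found, setting is $expected"; rc=1 ;;
    esac
    exit "$rc"
)

# Run the checks when called with the five arguments listed above.
if [ "$#" -eq 5 ]; then preflight "$@"; fi
```

A directory reported as `both` holds files of both formats and is treated as a mismatch so that it gets reviewed before provisioning.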