Scribd Logo
Carica

Benvenuto in Scribd!

  • SSL

    Caricato da

    srivasthav
    88 visualizzazioni2 pagine
    setting Up SSL for PeopleSOft

    Titolo originale

    Ssl

    Copyright

    © © All Rights Reserved

    Formati disponibili

    DOCX, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    setting Up SSL for PeopleSOft

    Copyright:

    © All Rights Reserved
    Scarica in formato DOCX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    88 visualizzazioni2 pagine

    SSL

    Caricato da

    srivasthav
    setting Up SSL for PeopleSOft

    Copyright:

    © All Rights Reserved
    Scarica in formato DOCX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 2

    How SSL is configured in Peoplesoft

    How SSL is configured in Peoplesoft- Here are the steps to configure SSL 1. Generate webserver' s private key and certificate signing request (CSR).
    2. Submit CSR to your CA for signing3. Download the root certificate and intermediate CA certificates.
    4. Download SSL certificate.
    5. Import certificates into keystore.
    6. Configuring the Oracle WebLogic Server to use the keystore.
    7. Configure the Peoplesoft certificates.
    1. Generate webserver's private key and certificate signing request (CSR) 1) Backup the existing pskey filePS_HOME/<webdomain>/piaconfig/keystore$cp -p pskey pskey_ori
    2) Change directory to piabin, create or change the keystore password by issuing the command$./pskeymanager.sh -create -storepass password
    $./pskeymanager.sh -changekeystorepassword -new pshr9152 -storepass password
    provide values for -Specify an alias for this certificate,
    -Specify a common name for this certificate.
    -Answer to organization specific information.
    -What key size would you like to use - 2048
    -What key algorithm would you like to use - RSA
    -What key signing algotithm would you like to use -MD5withRSA
    -Enter a private key password - <your_password>
    Generating private key...
    ....
    Generating Certificate signing request 'CSR'.
    Certificate signing request also written to <alias>-certreq.txt
    * The Certificate Signing Request (CSR) text file generated above should not contain any blank or trailing
    spaces.
    2. Submit CSR to your CA for signing- Before you purchase an SSL Certificate, you need to generate
    a Certificate Signing Request (CSR) for the server where the certificate will be installed. To enroll for any
    of Symantecs SSL Certificate services, you will need the following information:
    - The length of time for the certificate,
    - The number of servers hosting a single domain (up to 5 servers),
    - The server platform
    - An email address where Symantec can reach you to validate the information, and
    - The Challenge Phrase - <your_password>
    3. Download the root certificate and intermediate CA certificates - Download these certificates
    from your CA site and store within PS_HOME/webserv/<webdomain>/piabin/ as - rootca.cer,
    - primary_inter.cer and
    - secondary_inter.cer.
    Root Certificate: A VeriSign Root Certificate is self signed x.509 certificate that includes the signature
    from VeriSign as the Certificate Authority which vouches for correctness of the data contained within the

    certificate. Root CA's are implicitly trusted. They are pre-installed into web browsers and many web
    servers.
    Intermediate Certificates: In certificate hierarchy, a subordinate Intermediate CA certificate will be
    issued by the Root CA to issue end-entity SSL certificate. This creates a chain of trust that begins at the
    Root CA, through the Intermediate CA and ending with the SSL certificate.
    4. Download SSL certificate - Your CA will email you your certificate or download it from the
    designated server link. Save it as Cert.cer
    5. Import certificates into keystore Step 1 Install Root Certificate and intermediate Certificates$./pskeymanager.sh -import -alias RootCA -storepass password -file rootca.cer
    $./pskeymanager.sh -import -alias primaryintermedicate -storepass password -file primary_inter.cer
    $./pskeymanager.sh -import -alias secondaryintermediate -storepass password -file secondary_inter.cer
    Note: To delete an imported certificate, use below command./pskeymanager.sh -delete -alias secondaryintermediate -storepass password
    Step 2 install your SSL Certificate. Copy the SSL certificate to
    PS_HOME/webserv/<webdomain>/piabin as cert.cer file.
    $./pskeymanager.sh -import -alias <alias_name> -storepass password -file cert.cer
    Configure the keystore for use in Weblogic 1- On WebLogic server console, expand the Servers node and choose the server you will be configuring.
    2- Next, go to Settings for PIA > Keystore (In Change Centre, activate Lock & Edit button)
    3- Click on Change and choose Custom Identity and Custom Trust as your keystore configuration type,
    then click Save.
    4- The "Custom Identity Keystore PassPhrase" should be the password you specified when the keystore
    was created. [password]
    5- You will again be asked to enter your keystore password and confirm.
    6- Enter and confirm Custom Trust Keystore Passphrase: password
    7- Click Save.
    8- Next, go to Settings for PIA > SSL.
    9- Specify the Private Key Alias and Passphrase that were used when creating your keystore.
    10- Click Save, and go to Advanced
    11- Choose Hostname Verification as None and Save.
    12- Click on Activate Changes.
    13- Reboot the WebLogic server. Your keystore should now be installed and enabled.
    14- Verify the SSL.

    Potrebbero piacerti anche