Scribd Logo
Carica

Benvenuto in Scribd!

  • Configure SSL

    Caricato da

    Nikhil Goel
    63 visualizzazioni25 pagine
    Single Sign On

    Copyright

    © © All Rights Reserved

    Formati disponibili

    DOCX, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    Single Sign On

    Copyright:

    © All Rights Reserved
    Scarica in formato DOCX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    63 visualizzazioni25 pagine

    Configure SSL

    Caricato da

    Nikhil Goel
    Single Sign On

    Copyright:

    © All Rights Reserved
    Scarica in formato DOCX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 25

    OFSS Ltd.

    - OBP
    Configure SSL

    Name
    Author

    Kishore Mukati

    Current Status

    Initial

    Date

    01-Sep-2011

    Contents
    OID Authenticator on SSL............................................................................................................2
    OID Policy Store on SSL.............................................................................................................5
    One-Way-SSL between Presentation and Application Weblogic Servers.....................................6
    Generate Server Private Key and Certificate........................................................................6
    Create the Identity Keystore.................................................................................................8
    Import the Certificate into a new Trust keystore....................................................................8
    Configure Application Domains Weblogic with Custom Identity and Trust keystores............9
    Import Certificate in the JRE of Presentation Domain.........................................................24

    OID Authenticator on SSL


    It is assumed that Oracle Internet Directory Authenticator is already configured.
    Open Weblogic server admin console and go to Home >Summary of Security Realms >myrealm
    >Providers

    Click on OIDAuthenticator and select Provider Specific tab.

    Change Port to 3131 and check SSLEnabled checkbox.

    Save these changes and restart Weblogic Server.

    OID Policy Store on SSL


    It is assumed that Weblogic domain is already re-associated with Oracle Internet Directory.
    Open jps-config.xml file and replace all ldap://<OID SERVER IP>:3060 with ldaps://<OID SERVER
    IP>:3131

    Save these changes and restart Weblogic Server.

    One-Way-SSL between Presentation and Application Weblogic


    Servers
    Following are the steps to configure one-way-ssl between presentation and application weblogic servers.

    Generate Server Private Key and Certificate


    Open command prompt and go to Application domain home.

    Execute setDomainEnv.cmd which is available in bin folder of the domain.

    Now run following command


    java utils.CertGen -selfsigned -certfile SampleSelfCA.cer -keyfile SampleSelfKey.key -keyfilepass
    welcome1 -cn "Sample Self CA"

    Create the Identity Keystore


    Now run this command
    java utils.ImportPrivateKey -keystore SampleIdentityStore.jks -storepass welcome1 -keypass welcome1
    -alias sampletrustself -certfile SampleSelfCA.cer.pem -keyfile SampleSelfKey.key.pem -keyfilepass
    welcome1

    Import the Certificate into a new Trust keystore


    Execute following command
    keytool -import -trustcacerts -alias sampletrustself -keystore SampleTrust.jks -file SampleSelfCA.cer.der
    -keyalg RSA
    It will prompt for keystore password, Enter welcome1

    Configure Application Domains Weblogic with Custom Identity and Trust keystores
    Open Weblogic admin console and go to Home >Summary of Servers >AdminServer and click on
    Keystores tab

    Click on Change button

    Select Custom Identity and Custom Trust from drop down and press save button.

    Provide following details


    Custom Identity Keystore
    Custom Identity Keystore Type
    Custom Identity Keystore Passphrase
    Confirm Custom Identity Keystore Passphrase
    Custom Trust Keystore
    Custom Trust Keystore Type
    Custom Trust Keystore Passphrase
    Confirm Custom Trust Keystore Passphrase

    Absolute path of SampleIdentityStore.jks file


    JKS
    welcome1
    welcome1
    Absolute path of SampleTrust.jks file
    JKS
    welcome1
    welcome1

    Click Save button and click on SSL tab.

    Provide following details and click Save button.


    Private Key Alias
    Private Key Passphrase
    Confirm Private Key Passphrase

    sampletrustself
    welcome1
    welcome1

    Click on Advanced link.

    Make sure Two Way Client Cert Behavior is set to Client Certs Not Requested.
    Open General tab and check SSL Listen Port Enabled checkbox and press Save button.

    Now restart admin server of Application Domain.


    See the log file of admin server, it should load the entire SSL configuration.

    Now browse to https://localhost:7002/console


    All being well, the server should present the client with a certificate.

    Click on Certificate Error button.

    Click on Install Certificate button and follow the instructions. When you next go into the Certificate
    Management screen you will see the SampleSelfCA.cer listed under Trusted Root Certification
    Authorities

    Click on Export button.

    Press Next button.

    Select Base-64 encoded X.509(.CER) and click on Next button.

    Specify the file name and click Next button.

    Click Finish button.

    Import Certificate in the JRE of Presentation Domain


    Go to <MIDDLEWARE_HOME>\<JDK_HOME>\jre\lib\security

    Run following command.


    keytool -import -alias sampletrustself -file D:\SampleSelfCA.cer -keystore cacerts
    It will prompt for keystore password, enter changeit

    Now restart admin server of Presentation Domain.

    Potrebbero piacerti anche