Skip Headers
Oracle® Identity Manager Connector Guide for PeopleSoft Employee Reconciliation
Release 9.1.1

E11205-13
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

C Setting Up SSL on Oracle WebLogic Server

This section describes how to configure SSL on Oracle WebLogic Server for PeopleTools 8.50.

To set up SSL on Oracle WebLogic Server:

  1. Generate signed public encryption key and certificate signing request (CSR).

    1. Start PSKeyManager by navigating to the appropriate directory on the MS-DOS command prompt.

    2. Enter the following at the command line:

      pskeymanager –create
      
      start PSKeyManager

      The PSKeyManager opens.

    3. Enter the following at the command line:

      At the Enter current keystore password [press ENTER to quit] command prompt, enter the password. The default password is password.

      At the Specify an alias for this certificate <host_name>? command prompt, enter the certificate alias and press Enter. The default certificate alias is the local machine name.

      At the What is the common name for this certificate <host_name>? command prompt, enter the host name for the certificate, for example <host_name>.corp.myorg.com.

      Press Enter.

      command line values

      Enter the appropriate information at the following command prompts:

      Organization unit

      Organization

      City or Locality

      State or Province

      Country code

      Number of days the certificate should be valid (Default is 90.)

      Key size to use (Default is 1024.)

      Key algorithm (Default is RSA.)

      Signing algorithm (Default is MD5withRSA or SHA1withDSA.)

    4. At the Enter a private key password <press ENTER to use keystore password> prompt, specify the password or press Enter.

      command prompt values
    5. Verify that the values you entered are correct, and press Enter.

      The PSKeyManager generates a public key and provides the CSR that you must submit to the Certificate Authority (CA) for signing.

      The following example shows a sample CSR:

      -----BEGIN NEW CERTIFICATE REQUEST----- MIIBtDCCAR0CAQAwdDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEDAOBgNVBAcTB1Bob2VuaXgxFDASBgNVBAoTC1Blb3BsZVRvb2xzMRMwEQYDVQQLEwpZW9wbGVzb2Z0MRYwFAYDVQQDEw1NREFXU09OMDUxNTAzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC43lCZWxrsyxven5QethAdsLIEEPhhhl7TjA0r8pxpO+ukD8LI7TlTntPOMU535qMGfk/jYtG0QbvpwHDYePyNMtVou6wAs2yr1B+wJSp6Zm42m8PPihfMUXYLG9RiIqcmp2FzdIUi4M07J8ob8rf0W+Ni1bGW2dmXZ0jGvBmNHQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAKx/ugTt0soNVmiH0YcI8FyW8b81FWGIR0f1Cr2MeDiOQ2pty24dKKLUqIhogTZdFAN0ed6Ktc82/5xBoH1gv7YeqyPBJvAxW6ekMsgOEzLq9OU3ESezZorYFdrQTzqsEXUp1A+cZdfo0eKwZTFmjNAsh1kis+HOLoQQwyjgaxYI=
      -----END NEW CERTIFICATE REQUEST-----
      
      CSR

      The CSR is a text file, and is written to the <PSFT_HOME>\webserv\peoplesoft directory. The file name is <host_name>_certreq.txt.

  2. Submit CSRs to CAs for signing:

    Note:

    The set of pages are different depending on what CA you plan on using.

    1. Click Download a CA certificate, certificate chain, or CRL.

      Download a CA certificate
    2. Click advanced certificate request.

      Advanced Certificate Request
    3. Click Submit a certificate request by using a base-64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

      Submit Request

      The Submit a Certificate Request or Renewal page appears.

    4. Paste the content of the CSR in the Saved Request list box.

      Certificate page

      The CA may send the signed public key (root) certificate to you by e-mail or require you to download it from a specified web page.

    5. Download and save the signed public key on your local drive.

      Download key
  3. Download the root certificate.

    1. Click Download a CA certificate, certificate chain, or CRL.

      Download root certificate
    2. From the CA certificate list, select the certificate.

      select certificate
    3. Download and save the root certificate on your local drive.

  4. Import a server-side public key into a keystore.

    1. Open PSKeyManager.

    2. Navigate to the required directory on the MS-DOS command prompt.

    3. Enter the following at the command line:

      pskeymanager -import
      
      command
    4. At the Enter current keystore password command prompt, enter the password and press Enter.

    5. At the Specify an alias for this certificate <host_name>? command prompt, enter the certificate alias and press Enter.

    6. At the Enter the name of the certification file to import command prompt, enter the path and name of the certificate to import.

      root certificate commands
    7. At the Trust this certificate command prompt, enter Yes and press Enter.

      trust certificate
  5. Generate and import public keys.

    1. Place the public key from your CA in the keystore. The location of the keystore is as follows:

      <PSFT_HOME>\webserv\peoplesoft\keystore

    2. Install the certificate for server authentication SSL on Oracle WebLogic Server using the following command:

      pskeymanager -import
      
      Install certificate
    3. At the Enter current keystore password command prompt, enter the password and press Enter.

    4. At the Specify an alias for this certificate <host_name>? command prompt, enter the certificate alias and press Enter.

    5. At the Enter the name of the certification file to import command prompt, enter the path and name of the certificate to import.

      Surrounding text describes install_cert1.gif.

      Certificate is successfully installed in the keystore.

      Surrounding text describes install_cert2.gif.
  6. Configuring the Oracle WebLogic Server to use the keystore.

    1. Log in to Oracle WebLogic Administration Console.

      Admin Console
    2. Expand PeopleSoft, Environment, Servers, PIA to setup the SSL configuration for the PIA server.

      SSL configuration
    3. Click the Keystores tab.

    4. From the Keystores list, select Custom Identity and Custom Trust.

    5. In the Identity region, complete the following fields:

      - In the Custom Identity Keystore field, enter keystore/pskey.

      - In the Custom Identity Keystore Type field, enter JKS.

      - In the Custom Identity Keystore Passphrase field, enter password.

      - In the Confirm Custom Identity Keystore Passphrase field, enter password again.

      Keystore settings
    6. On the SSL tab, ensure that the parameter Two Way Client Cert Behavior is set to Client Certs Requested and Enforced.

      Keystore tab
    7. Click the Activate Changes button.

      Activate Change
  7. Add root certificate.

    1. Expand Security, Security Objects, and then click Digital Certificates.

      configure certificate
    2. Click Add Root.

  8. Configure the Peoplesoft certificates.

    Note:

    You can use the same root certificate generated in Step 2.

    1. Expand Security, Security Objects, and then click Digital Certificates.

    2. Add a local node type certificate.

    3. Set Alias to the default local node.

      Default local node
    4. Click Request.

    5. Send this certificate request to the CA to get a new certificate.

      certificate request
    6. Click OK.

      certificate signing request
    7. Ensure that the local node appears on the Digital Certificates list.

      local node
    8. Click Import.

      The Import Certificate page appears.

      Import certificate
    9. Click OK.

      digital certificate list
    10. Click Load Gateway Connectors.

      load gateway connector

      The following message appear:

      Loading Process was successful. Number of connectors loaded:0. Number of Properties loaded:0. (158,42)
      

      Click OK.

    11. Click Ping Node to ping your local node.

      ping node