Skip Headers
Oracle® Enterprise Manager Installation and Configuration Guide for CA Service Desk Connector
Release 12.1.0.3.0

E28577-05
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

7 Enabling SSL for HTTPS

This chapter provides the following procedures for configuring the CASD connector to use the HTTPS protocol:

7.1 Installing a Self-Signed Certificate

To generate and install a self-signed SSL certificate for the CASD adapter:

  1. Open a command prompt window and change the working directory to the adapters/conf directory in the CASD adapter installation directory.

  2. Execute the following command to delete the default SSL entry for the CASD adapter.

    • Unix:

      $JAVA_HOME/bin/keytool -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      
    • Windows:

      "%JAVA_HOME%\bin\keytool" -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      
  3. Enter the following command to generate a new certificate and place it in the adapter keystore. You will need to replace <hostname> with the host name or IP address of the system where the CASD adapter is installed.

    • Unix:

      $JAVA_HOME/bin/keytool -genkey -alias iwave -keyalg RSA -keysize 1024 -dname "CN=<hostname>, OU=Development, O=iWave Software, L=Frisco, ST=TX, C=US" -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      
    • Windows:

      "%JAVA_HOME%\bin\keytool" -genkey -alias iwave -keyalg RSA -keysize 1024 -dname "CN=<hostname>, OU=Development, O=iWave Software, L=Frisco, ST=TX, C=US" -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      

7.2 Installing a Certificate from a Certificate Authority

To request and install a signed SSL certificate for the CASD adapter:

  1. Request a certificate for the CASD adapter from a Certificate Authority, such as VeriSign.

    Note:

    In the certificate request, make sure to specify the host name or IP address of the system where the CASD adapter is installed. The host name in the certificate must match the host name or IP address the adapter uses. If they do not match, the adapter cannot function.
  2. After you obtain the certificate from the Certificate Authority, perform the following steps to install the certificate:

    1. Open a command prompt window and change the working directory to the adapters/conf directory in the CASD adapter installation directory.

    2. Enter the following command to install the certificate, where <certificateFile> is the full path name of the file provided by the Certificate Authority:

      • Unix:

        $JAVA_HOME/bin/keytool -importcert -alias iwave -file <certificateFile> -keypass iwavepw -storepass iwavepw -keystore keystore.jks
        
      • Windows:

        "%JAVA_HOME%\bin\keytool" -importcert -alias iwave -file <certificateFile> -keypass iwavepw -storepass iwavepw -keystore keystore.jks
        

7.3 Importing the Adapter Certificate into Enterprise Manager

To import the adapter SSL certificate into the Enterprise Manager keystore:

  1. Open a command prompt window and change the working directory to the adapters/conf directory in the CASD adapter installation directory.

  2. Enter the following command to extract the SSL certificate from the CASD adapter keystore and place it in the CASDws.cer certificate file:

    • Unix:

      $JAVA_HOME/bin/keytool -exportcert -rfc -alias iwave -file CASDws.cer -keystore keystore.jks -storepass iwavepw
      
    • Windows:

      "%JAVA_HOME%\bin\keytool" -exportcert -rfc -alias iwave -file CASDws.cer -keystore keystore.jks -storepass iwavepw
      
  3. Transfer the certificate file CASDws.cer to the system where Enterprise Manager is installed.

  4. Append the contents of the CASDws.cer file to:

    $INSTANCE_HOME/sysman/config/b64LocalCertificate.txt
    
    • Only append the following lines to the b64LocalCertificate.txt file (that is, do not include blank lines or comments or any other special characters):

      -----BEGIN CERTIFICATE-----
      <<<Certificate in Base64 format>>>
      -----END CERTIFICATE-----
      
  5. Restart the OMS by entering the following commands:

    emctl stop oms
    emctl start oms
    

Note:

Do not run the emctl secure oms/agent command after adding the external certificate to the b64LocalCertificate.txt file. If you run the emctl secure command later, repeat steps 4 and 5 to make sure the external certificate exists in the b64certificate.txt file.