Previous Contents DocHome Index Next |
iPlanet Trustbase Payment Services 1.0 Installation and Configuration Guide |
Chapter 2 Installation
The following chapter outlines the installation procedures for the various components.
Installation Overview
The diagram below illustrates how the various components are related to each other, and the message paths between each component. In order to have a fully functional system all of these components require installation and configuration.
Figure 2-1    Installation Overview
![]()
Installation Script
Although it is not necessary to install the components on individual machines the figure above shows the recommended configuration to avoid unnecessary confusion. It can however be used for testing purposes. Other configurations may be possible. For instance, each machine acting as both a buyer and sellers bank. There are a number of main steps that need to be applied appropriately to the four machines labeled Machine A - Machine D in the figure. It is recommended that the page is copied or detached to assist you install and cross-reference the install sections.
Install the pre-requisite third party software
An Oracle 8.17database must be installed and available for use by all of the machines running in the iTPS installation. An Oracle database may be installed on each node in the system, a single node in the system, or an independent node that is accessed by each of the machines.
Install the base components for the Buyer and Seller's banksInstall an Identrus compliant PKI. This must include an appropriate Validation Authority component and be capable of supporting the Identrus Certificate Status Check protocol.
Install an nCipher HSM on each machine in order to perform cryptographic operations
Install the iTTM 2.2.1 on both Machines.
Install the components that make up the Payments Services productInstall the iMQ and its patch on both Machines.
Install the iWS 6.0 for the Bank in a Box administration tools on both machines.
Install the iTPS 1.0
Install the Buyer and seller web site componentsHTTP/HTTPS inbound and outbound Proxy
Install the Bank in a Box (BiaB) back office simulator
Install the Bank in a Box (BiaB) administrator tool
Install the iWS 6.0 on both machines
Optionally install the CPI library for use in developing applicationsInstall the Buyers Bank Website (BFI)
Install the Sellers Bank Website (Tooledup demonstrator)
Assumptions
The `\' is used to indicate a line continuation
The following default installations will be used
Before using the install scripts, ensure your terminal type is set to vt100 or vt220. For example:
The documentation assumes four machines for the install. You may however use less. Typically sellers and buyers banks appear on the same machine. In the examples illustrated in the next sections it is assumed that all sellers , buyers, sellers bank and buyers bank operate from one machine and the oracle host is on another as indicated below:
You should be logged in as root to perform these installs
GemSAFE IS 1.1 for Identrus System 16000 Smartcards are configured on Buyer PC for use with Tooledup Seller Website.
When installing the iWS 6.0 make sure that you select the option that specifies an external JDK 1.2 i.e.use the one supplied with Solaris in /usr/java as the JDK included does not support the BiaB administration tools.
Availability
The CD supplied with the product contains all of the required components to install the system EXCEPT:These will need to be acquired from the appropriate vendor, installed and configured, prior to installing any of the iPlanet Payments Services components.
Oracle 8.17 requirements (step 1a)
Your Oracle 8.17 installation must be configured with a user capable of :When installing Oracle you will need to allocate sufficient space to the user. We would recommend the following:
You will be required to provide the details of the Oracle installation at various points during the installation. The information required will be:
The Oracle instance must be available during the installation of the product as most components require the capability to log into the database using SqlPlus and populating tables from information supplied in SQL scripts.
PKI Requirements (step 1b)
Your software must be configured as PKI compliant with Identrus (See Identrus Document IT-PKI http://www.identrus.com ) including all Transaction Coordinator profiles.It is expected that the RA, CA, and VA components are running during the installation as certain components require certificates to be issued.
nCipher requirements (step 1c)
The nCipher components are generally stand alone and little information is required about the nCipher components. It is however useful to know the port that the nCipher Hardserver is running on (Default is 9000) as this is required at some points during installation.iTTM 2.2.1 does not make use of an operator card. It requires the admin card to be present for the first Crypto operation and can then be removed. A three corner test would provide this first Crypto operation.
Buyer and Seller Bank base components
iTTM 2.2.1 (step 2a)
Each Bank machine will need to have an iTTM installed and configured.In order to install these components you will need to follow the instructions in the iTTM 2.2.1 installation guide found in
http://docs.iplanet.com/docs/manuals/trustbase/221/install/contents.htm
The instructions in chapter 1 Pages 13-62 provide information on how to install the following:
Chapter 4 provides information on how to configure and check that the components are operational.
NOTE: All of the software for the above installation is included on the iTPS CD.
iPlanet Message Queue for Java 2.0 (step 2b)
The iPlanet message Queue (iMQ) component provides a means for the iTPS and the Bank in a Box components to communicate with each other. This means that an iMQ installation must be performed on both the Buyers and Sellers bank machines.iPlanet Message Queue for Java is shipped with iTPS and may be found in the iMQ2.0 sub directory on the CD.
Installation
The iMQ installation uses the Solaris package mechanisms to install the software on the machine. Assuming that the supplied CD has been mounted on /cdrom then the following commands will install the software:cd /cdrom/cdrom0/iTPS/iMQ2.0/imq2_0-pkgs
You will be asked a question during the installation. Unless you have specific installation requirements then by using the defaults provided you will install all of the iMQ packages.
These settings will fulfill all the iTPS iMQ requirements.
If you require further information then details of how to install iMQ 2.0 can be found in point 7 within the following document that requires vi or a text document to read:
http://docs.iplanet.com/docs/manuals/javamq/20/install.pdf
Example installation and Configuration
cd /cdrom/cdrom0/iTPS/iMQ2.0/imq2_0-pkgsSelect package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]:
do you wish to run the jmqbroker? [y,n] n
Once the iMQ is installed, install the SP1 patch. This process is documented in the file using a text editor, e.g:
vi /cdrom/cdrom0/iTPS/iMQ2.0/SP1/111858-01/install.pdf
NOTE: The file has a .pdf extension but is a text file and may be read using the vi editor. Once the software has been installed on either the buyer or seller machine, perform the second installation before progressing to patch the iAS installation.
The command to install the patch is:
Configuring with iAS
The next step is to configure the iTTM/iAS instance to use the appropriate iMQ installation. This operation will need to be performed on both of the Buyer and Seller machines. Before performing this operation it is important to ensure that the iAS has been shut down. This can be performed by executing the following scripts:<iTTM install directory>/TTM/Scripts/stoptbase
<iTTM install directory>/TTM/Scripts/stopias
<ias6_install_directory>/slapd-porsche/stop-slapd
/opt/iplanet/ias6/slapd-porsche/start-slapd
If the iTTM had been installed in `/opt/TTM' the commands would be:
/opt/iplanet/ias6/slapd-porsche/stop-slapd
/opt/iplanet/ias6/slapd-porsche/start-slapd
To configure iAS for use with iMQ, execute jmssetup. This must be performed as the root user. You will be asked several questions, now illustrated below:
bash-2.03# cd /opt/iplanet/ias6/ias/jms/bin
iAS install directory is /opt/iplanet/ias6/ias
Are you using IBM MQ v5.1 as message provider [Y] :n
Enter the dynamic library run path (LD_LIBRARY_PATH) for your JMS message provider. When finished, hit return only) :
Will append to LD_LIBRARY_PATH? Is this correct? [Y] :
Enter the elements (absolute path) for the JMS provider CLASSPATH
When finished, hit return only. :/opt/SUNWjmq/lib/jmq.jar
Enter the elmements (absolute path) for the JMS provider CLASSPATH
When finished, hit return only. :/opt/SUNWjmq/lib/jmqadmin.jar
Enter the elmements (absolute path) for the JMS provider CLASSPATH
When finished, hit return only. :
Will append :/opt/SUNWjmq/lib/jmq.jar:/opt/SUNWjmq/lib/jmqadmin.jar to CLASSPATH?
Once configured on one machine, configure the second machine before progressing to installing the iTPS components.
At this point there is no need to start the iMQ services. Instructions for starting the iMQ service are shown in Chapter 4.
Installing iWS 6.0 for BiaB administration (2c)
In order to be able to install the Bank in a Box administrator component, a web Server needs to be available. The iTPS CD contains a iWS 6.0 package that is shipped for this use. Run the iWS6.0 setup tool located inSelecting the default values for the installation may cause the iWS 6.0 installation to clash with the iWS 4.1 installed for the iTTM 2.2.1. In order to avoid this ensure that the Administration server port and the Web server port are set to values other than 8888 and 80 respectively. We recommend using 8890 and 90 respectively. If in doubt about which ports the webserver for iTTM was using, restart the webserver and the admin server:
./opt/iws6/https-porsche.uk.sun.com/stop
./opt/iws6/https-porsche.uk.sun.com/start
./opt/iws6/https-admserv/start
When installing the iWS 6.0 make sure that you select the option that specifies an external JDK 1.2 i.e.use the one supplied with Solaris in /usr/java as the JDK included does not support the BiaB administration tools.
Ensure that a web server is installed on both the Buyer and Seller bank machines prior to moving on to the installation of the iTPS components.
If you make a mistake while installing your webserver, remove the web server either in its entirety as illustrated below
or removing an individual instance from the console using the < remove server> option. You should also stop the webserver first.
Mail Server (step 2d)
The mail server is used for asynchronous payment messages and can be provided by your corporate mail server or an installation of a new mail server such as iPlanet Messaging Server installed on an available machine.A mail user will be required by the iTPS install script in step 3a.
Installing iTPS Components
The iTPS components reside on both the Buyer and Seller bank machines. The following sections describe the installation of these components.
Payments Services installation (3a)
Make sure you have installed and configured iPlanet Trustbase Transaction Manager 2.2.1 and iPlanet Message Queue for Java 2.0
Make a security back up of your Trustbase directory structure:
This is required because the iTPS install cannot be un-installed, and installing the iTPS more than once on a iTTM installation will not work. If an installation of the iTPS fails for any reason you are advised to restore the backup and start again.cp -R <Trustbase_install_directory>/Trustbase \ <Trustbase_install_directory>trustbase.bak
Figure 2-2    iPlanet Trustbase Payment Services Installation Welcome Screen
![]()
Figure 2-3    Locale Selection
![]()
Figure 2-4    iPlanet Trustbase Transaction Manager Installation Directory
![]()
Figure 2-5    Database Settings
![]()
The Oracle database being supplied needs to be the database used by the iPlanet Trustbase Transaction Manager software on which iPlanet Trustbase Payment Services plug-in is being installed. The following information is required:
Figure 2-6    iPlanet Message Queue For Java Settings
![]()
Notes: The JMS Broker port default is 7676 unless a non-default installation of iMQ was performed.
JMS Server name is your host where you installed iMQ for java
The Outbound Queue name is the queue going from the iTPS to BiaB and will need to be recorded for later use. SEND_QUEUE is a suitable name for this.
The Queue pool group id will need to be recorded for later use. seller is a suitable id for this.
The other defaults provided should be suitable for a standard installation.
Figure 2-7    Payments Mail Settings
Next enter the following as illustrated above.
SMTP host. This is the host where customer email acknowledgements are sent.
From field. This is the From field of the customer acknowledgement email
Figure 2-8    iPlanet Trustbase Payment Server Verification Panel
![]()
The screen displays the user's choices in order to aid the correct installation. You will need to make a note of the information in this screen as the information is required to install other components later in the process.
Figure 2-9    Component Selection
![]()
On entering the screen the size of iPlanet Trustbase Payment Services software application is displayed. In order to install this software the user needs to select the checkbox.
Figure 2-10    Ready to Install
![]()
This screen indicates the amount of space that is required to install iPlanet Trustbase Payment Services software. It also indicates the location of the iPlanet Trustbase Transaction Manager system that the iPlanet Trustbase Payment Services plug-in will be installed into.
You should make a note of these locations as they will be required later in the installation process. There are then two screens that update settings within iTTM and iAS.
Figure 2-11    Updating iPlanet Trustbase Transaction Manager
![]()
Figure 2-12    Installation Summary
![]()
Pressing the details button will display the software installed on the system and alterations to the existing configurations of iPlanet Trustbase Transaction Manager.
Configuring the iTPS database tables
The iTPS Transaction Recovery Process needs to access the subjectDN field of the cert_data table during certificate chain retrieval. The standard install of iTTM 2.2.1 does not store the subjectDN information. An update script is provided with the iTPS that converts the iTTM cert_data table into the necessary format while retaining all the stored certificate information.This is implemented in the shell script:
<iTTM_install_directory>/TTM/Scripts/updateCertDataTable
Following the installation of the iTPS.
This script needs to be run once, and before iTPS is run. It creates a backup of the original cert_data table as cert_data_backup_<timestamp>, adds the subjectDN to the cert_data table and populates it.
Prior to running the script you will need the following information:
Oracle database username and password
The following command runs the script:Database driver class (Usually oracle.jdbc.driver.OracleDriver)
An example of this is shown below:
Enter database connection string (e.g. jdbc:oracle:thin:user/password@host:1521:orcl):
jdbc:oracle:thin:charles/charles@windstorm:1521:orcl
Enter database driver class (e.g. oracle.jdbc.driver.OracleDriver):
oracle.jdbc.driver.OracleDriver
----------------------------------------------------------------
Creating backup of cert_data --> cert_data_backup_997350025767
Cert: C=GB,O=Identrus,OU=Identrus Root,CN=Identrus Root CA, serial: 1, subject: C=GB,O=Identrus,OU=Identrus Root,CN=Identrus Root CA
Note: If this is a new installation and the iTTM has not been used as a Transaction coordinator then there will be a cert count of 0 and the operation will complete almost instantly. The operation will have been successful as the database table columns will have been updated.
This operation needs to be performed on both the Buyer and Seller banks iTTM installation.
Set up iTPS database tables
You will now need to run oracle scripts. If Oracle is not installed on the same machine as the iTPS installation then you either have to copy the ./TTM/V2.2/Config/sql directory to the database server or install the Oracle client on the machine. There are two alternative situations here.
Oracle on same machine as iTPS. Alternatively this can be an Oracle client.
This will need to be executed on the database(s) used by both the Buyer and Seller banks iTPS installations.
Assuming the sql directory has been copied to the DB server, log on to the database server, su - oracle
Oracle on different machine as iTPS. For example:Run SQLPlus and enter the username and password
Execute the script payments.sql e.g. sqlplus>@Payments.sql;
Exit SQLPlus & the Oracle user.
JMS Proxy Installation (step 3b)
The JMS Proxy provides a mechanism for the iTTM to receive inbound messages from an iMQ queue. Messages are taken from the queue and forwarded to iTTM over HTTP. You will need to install a JMS Proxy on both the Buyer and Seller bank machines.
Figure 2-13    Configuring JMS Proxy
![]()
Note: This queue is used to send asynchronous response messages from the Bank in a Box to iTPS via the JMS Proxy. The queue name is set as TCQueue/sendName in biabconf.xml and as queue.name in jmsproxy.properties. In order for the JMS Proxy to receive messages on this queue, the queue names used here needs to match.
The JMS proxy is supplied as a compressed archive
/cdrom/cdrom0/jmsproxy/jmsproxy.tar
Extract this file in a suitable location e.g.
cp /cdrom/cdrom0/jmsproxy/jmsproxy.tar /opt/iplanet
JMS Proxy Configuration
To configure the server you will need to modify a number of files using the settings mentioned in the previous section.
If you have iMQ on your system in the standard location (/opt/SUNWjmq) you will not need to modify the JMQ_DRIVER setting. If the iMQ is not located in the standard location then:
Note: Make sure the destination URL is the server host name of the appropriate Buyer or Seller bank iTTM installation. Make a note of this URL as you will need this it again when configuring the Bank in a Box components.
Modify the following lines in the jmsproxy /config/jmsproxy.properties:
- Modify the script jmsproxy/scripts/jmsproxy such that the JMQ_DRIVER environment variable is pointing to the correct location for the JMQ driver. e.g. /apps/SUNWjmq
Destination is the URL to which message content will be forwarded (See figure Figure 2-13)
destination=http://hostname/NASApp/NASAdapter/TbaseNASAdapter?Fo rwarded-by:JMSProxy
You will need to change just the hostname component to an appropriate value e.g.
http://porsche.UK.Sun.COM/NASApp/NASAdapter/TbaseNASAdapter?Forw arded-by:JMSProxy
queue.host is the hostname of the machine where the JMS broker is listening.
queue.port The port on which the JMS broker is running by default this will be 7676 unless it was changed during the iMQ installation.
queue.name The name of the queue on which to receive messages. This is the asynchronous send queue as specified in the Bank in a Box configuration
HTTP/HTTPS Proxy Implementation (step 3c)
The standard out of the box configuration is illustrated in the diagram below. iTTM communicates directly with the outside world over an HTTP socket.
Figure 2-14    Standard iTTM installation
![]()
When the computer hosting the iTTM server has a direct connection to the outside world, malicious users may attack the server and gain access to its functionality. To prevent this, a firewall can be installed that blocks access except via a known channel (e.g. only HTTP inbound access on port 80). To provide a further level of protection, a proxy server may be implemented outside the firewall. This accepts and creates connections on behalf of the server, communicating over a channel that only it has access to.
Figure 2-15    Proxy with single firewall
![]()
A further layer of security may now be put in place by placing the proxy behind a second firewall. This has the effect of stopping the proxy from receiving unwanted requests.
Figure 2-16    Proxy with two firewalls
![]()
This has sometimes been referred to as a DMZ (demilitarised zone). In most deployments inbound and outbound requests will be handled by separate proxies on separate machines. In the case of inbound proxies, the proxy intercepts requests to the iTTM server and forwards them to the iTTM server along a secure channel.
Figure 2-17    Example Inbound Proxy
![]()
Since iTTM sees an inbound request as identical to either the proxy or the Identrus root or Bank, no iTTM settings need be changed for inbound proxies.
HTTPS Tunnelling
In the case of Outbound proxies iTTM acts as the SSL Client and utilises the proxy as a `tunnel' to the outside. When proxying, it is important to know which machine is the trusted client. If the iTTM is the trusted client then all SSL client certificates must come from iTTM and the proxy will not be able to decode the contents of the messages. In this situation SSL tunnelling is used to pass the encrypted communications packets through the proxy. In this case iTTM needs to know where to send requests.
Figure 2-18    Example Outbound Proxy
![]()
For outbound proxies the following parameters need to be added in the section [XURLHttps] within:
<iTTM_install_directory>/<hostname>/tbase.properties
Note that this section already exists in tbase.properties and as such should be modified rather than created from scratch.
HTTPS Forwarding
In the case that the proxy is the trusted client then SSL certificates must be stored on the proxy machine. iTTM will then communicate with the proxy on an encrypted channel and the communication is connected to a secure channel at the proxy. In such circumstances, tbase.properties should be modified as follows:Note that this section already exists in tbase.properties and as such should be modified rather than created from scratch.
Default Settings
The following default settings are used if they are not explicitly set:
Installing BiaB backoffice simulator (3d)
The Bank in a Box (BiaB) back office simulator is designed to create responses to messages received by the iTPS from the buyer and seller web sites. The BiaB must be installed on both the Buyer and Seller Banks servers.It is not imperative that the iTTM and iTPS are running during installation, and if they have been started following the iMQ proxy installation it is preferable that they are shut down.
In order to install the BiaB on each machine follow the instructions below:
Extract a copy the BiaB files from your cdrom to a suitable location e.g.
The actual configuration settings and their use are described in the table below:cp /cdrom/cdrom0/biab/biab.tar /opt/iplanet/biab.tar
To configure the server you will need to modify two files to set certain parameters and run the SQL on the appropriate Oracle database. In order to configure the BiaB follow the instructions below.
Run the biab.sql SQL script on the payments database server. This may involve copying the SQL script to the appropriate machine if Oracle is remotely located. Also logging onto Oracle. As in the example mentioned in the previous section headed "Set up iTPS database tables":
cd /opt/iplanet/biab/config/sql/
Edit the BiaB script so that the environment variables are correct
Modify the script such that the ORACLE_DRIVER and JMQ_DRIVER environment variables are pointing to the correct locations for the oracle driver and JMQ driver respectively.
The /opt/iplanet/biab/config/Biabconf.xml file now needs to be modified. The table below identifies the parameters that require modification. The following text is an example illustrating the configuration settings
If you have iMQ on your system in the standard location (/opt/SUNWjmq) you will not need to modify the JMQ_DRIVER setting.
- Note: You will already have a copy of the ORACLE_DRIVER in the iTTM sub-directory e.g. <iTTM_install_directory>/TTM/V2.2/Lib3p/10/classes12_01.zip
- Pointing the ORACLE_DRIVER environment variable to this location is an acceptable solution.
<BiabConfig responseProcessor="com.iplanet.trustbase.payments.biab.test.Test ResponseGenerator" threads="10">
connectionFactory="com.sun.messaging.QueueConnectionFactory"/>
connectionFactory="com.sun.messaging.QueueConnectionFactory"/>
connectURL="jdbc:oracle:thin:charles/charles@windstorm:1521:orcl "
driverClass="oracle.jdbc.driver.OracleDriver"
Having installed the BiaB on either the Buyer or Seller Bank machines, install the BiaB on the other machine before moving on to the BiaB administration tool.
Installing BiaB Admin Tool (step 3e)
The BiaB administration tool is a Web application designed to run on the iWS 6.0 Web server set up earlier. A BiaB administrator tool should be installed on both the Buyer and Seller Bank machines that host the iTPS and BiaB components. The BiaB Admin tool web application is located on the BiaB directory.In order to deploy the Web application you must perform the following:
Make sure the web server is running. For example:
./opt/iws6/https-porsche.uk.sun.com/start
Make sure the IWS_SERVER_HOME environment variable is set to your <server_root> directory. A typical example of this might be
IWS_SERVER_HOME=/opt/iws6;export IWS_SERVER_HOME
Make sure that the <server_root>/bin/https/httpadmin/bin directory is in your path.
PATH=$PATH:$IWS_SERVER_HOME/bin/https/httpadmin/bin;export PATH
Deploy Bank in a Box using the iWS 6.0 web application deployment tool wdeploy. The deployment tool takes a number of parameters:
Once the application is deployed, modify
- <uri_path> The URI prefix for the web application. This must be a unique name for the web application for the server it is being deployed to e.g. BiaBAdmin
- <instance> The server instance name e.g. porsche.UK.Sun.COM.
- <vs_id> The virtual server ID e.g. https-porsche.UK.Sun.COM.
<biab_install_directory> The directory to which the application is deployed. If it doesn't already exist it will be automatically created during deployment. If the directory does exist it needs to be empty.
wdeploy deploy -u <uri_path> -i <instance> -v <vs_id>
-d <biab_install_directory> biab-servlet.war
- For example,
wdeploy deploy -u /BiaBAdmin -i porsche.UK.Sun.COM -v https-porsche.UK.Sun.COM -d web/biab biab-servlet.war
- will deploy the servlet on the porsche.UK.Sun.COM server instance, and create the directory, and unpack the war file under the directory/opt/iplanet/biab/web/biab. The following out put should be observed while deploying:
reconfigure failure: server not running
Web application successfully deployed
<biab_install_directory>/WEB_INF/classes/queue.properties
Once the classpath is correct and the queue properties are set, restart the server instance. For instance:
In a separate window start the iMQ message queue
In a separate window start the jmsproxy
Start the bank in a box back end in a separate window:
Once deployed successfully, the Web Site can be accessed from the browser with the following url.
http://<hostname>:<port>/<uri_path>/Biab
Figure 2-19    Bank in a Box Admin Tool Welcome Screen
![]()
Before logging in you need to add a username and password. See"Running Bank in a Box Back End"
Installing the Buyer and Seller websites
The following sections describe how to install the components required to run the Buyer and Seller web sites. These web sites will be used to interact with the Buyer and Seller iTPS components installed previously.
Installing the iWS 6.0 (step 4a)
In order to run the web applications that make up the buyer and sellers web sites, a web Server needs to be available on each machine. The iTPS CD contains an iWS 6.0 package that is shipped for this use.Run the iWS6.0 setup tool located in
Selecting the default values for the installation of the iWS 6.0 should be sufficient for most installations. The only non-standard option you will need to specify is the option that specifies an external JDK 1.2 i.e. /usr/java. This is because the JDK included does not support the buyer and seller web site functionality tools.
Ensure that a web server is installed on both the Buyer and Seller machines prior to moving on to the installation of the Buyer and Seller web applications.
Installing Buyers Bank Website (step 4b)
The bank's web site is archived in to a war file. To install the web site, this war file needs to be deployed on the web server. It can be found on your cdrom as illustrated belowIt does not matter whether iTTM and iTPS are running during installation. However they, and all their associated components such as iAS and iWS, should be running if you need to run this component
Make sure the IWS_SERVER_HOME environment variable is set to your <server_root> directory. A typical example of this might be
IWS_SERVER_HOME=/opt/iws6;export IWS_SERVER_HOME
Before you can deploy a web application manually, make sure that the <server_root>/bin/https/httpadmin/bin directory is in your path.
PATH=$PATH:$IWS_SERVER_HOME/bin/https/httpadmin/bin;export PATH
Deploy the war file using following command wdeploy command where:
An Oracle 8.17 JDBC driver needs to be installed in the WEB-INF/lib directory. This will be the same Oracle 8.17 Driver installed in the Buyer and Seller banks iTTM installations in th e<iTTM_install_directory>/TTM/v2.2/lib3p/10 directory. The filename used might be classes12_01.zip depending on the version of Oracle you are using. Copy this driver into the WEB-INF/lib directory on the Buyers website machine.
- <uri_path> is the path name specified while deploying the application.
- <uri_path> The URI prefix for the web application.
- <instance> The server instance name.
- <vs_id> The virtual server ID.
- <bfi_install_directory> The directory to which the application is deployed. This directory will be automatically created during deployment, if it doesnt already exist. After deployment, the application will get extracted in this directory. If the directory does exist it needs to be empty.
wdeploy deploy -u /<uri_path> -i <instance> -v <vs_id>
-d <bfi_install_directory> /cdrom/cdrom0/bfi/bfi.war
- For instance,
wdeploy deploy -u /BFI -i porsche.uk.sun.com -v https-porsche.uk.sun.com -d web/BFI /cdrom/cdrom0/bfi/bfi.war
<bfi_install_directory>/WEB-INF/classes.
driver=oracle.jdbc.driver.OracleDriver
connection=jdbc:oracle:thin:tbase_dbase_user/\
tbase_dbase_password@tbase_dbase_host:tbase_dbase_port\
APPLICATION_DEPLOY_DIRECTORY/WEB-INF/classes/config.propert ies
- The connection string represents the database, where buyer bank's "Bank In a Box" is writing its log. Change the string APPLICATION_DEPLOY_DIRECTORY with the actual directory name.
The Buyers Website needs to communicate with the Buyers Bank. Edit the config.properties file to change the URL to the Buyers Bank iTPS installation.
http://<Buyer_Bank_HostName>/NASApp/NASAdapter/TbaseNASAdapter
This Buyers Bank application needs a signing certificate chain. This chain must be issued by buyer's bank Certificate Authority in IE5 format.
After you have finished your changes, you will need to re-start the web server for those changes to take effect. To verify the installation:
- The easiest way to create these certificates is to use the Certificate Manager utility supplied with the iTTM 2.2.1 product and described in the iTTM 2.2.1 installation guide. You will need to create a PKCS#10 request for an Identrus compliant End Entity Signing Certificate (Relying Customer Certificate), submit this to the CA that acts for the Buyers Bank, and import the resultant Base64 encoded result. Once you have the certificate, follow the instructions in the utility guide to export the certificate chain in IE5 format using a password of "password".
- Now change <Your_certificate.pfx> with the certificate name.
<bfi_install_directory>/WEB-INF/classes/<Your_certificate.pfx>
dummySellerCertPassword=password
- This signing certificate <Your_certificate.pfx> used should also be imported into the browser that will be used to access this website
kill all existing processes using
./opt/iws6/https-admserv/start
If you are using a netscape browser you'll need to export the End Entity signing certificate as a Netscape PKCS12 certificate file and import it into the browser. Make sure that the exported file contains the full chain of certificates including the Identrus root. Finally, you'll need to enable your browser as follows: Select <netscape Security><certificate signers> locate the level 1 CA certificate and make sure the following settings are made as illustrated in the diagram below:
Figure 2-20    Netscape browser certificate settings
![]()
Installing the Seller's Website TooledUp (4c)
The Sellers Website (Tooledup demonstration) is delivered in the form of a tar file called merchant.tar.Before you can begin to install TooledUp you will need to create a local Certificate Database inside the Webserver for it to use. This certificate database will contain from 3-5 certificates depending on how many roles you assign the certificates to perform, the roles are as follows.
To create the certificate databases and import the certificate complete the following steps:
Root Certificate or Trust Anchor Certificate (e.g. Identrus Root).
Level One Certificate Authority Certificate. (e.g. RP Bank CA)
End Entity Signing Certificate ( e.g. Signing Certificate e.g. SC from IP Cert) The AIA field within this certificate is used to determine the destination for the payments message)
SSL Client Transaction Certificate ( e.g. SSL Client Signing Certificate)
SSL Server Certificate (e.g. Server-Cert)
Create The Webserver Database
Now you are ready to install tooledup. You will need several pieces of information which the install script will ask you:
Access the iWS6 admin server e.g.:
Install The Root Certificate../<iws6_install_directory>/startconsole
Choose the server to manage and click manage.
Click on the security tab (it defaults to `Initialise Trust Database' screen)
Type in a new password for database and click <ok>. This will create a new database that can only be accessed using the password you have just given so ensure that you do not forget the password!
Click the <Install Certificate> Tab.
Install The CA Certificate (e.g. RP or IP CA)- Use the same process as Import The Root Certificate (above)Select <Trusted Certificate Authority>, select <message text> and paste in the Base 64 cert from your Root CA
Create and import an End Entity Signing Certificate
Click the <request certificate> tab.
Request, Generate and Import SSL Client Transaction Certificate - Same as for End Entity Signing Cert, but make sure that the name for the certificate is different (e.g. SSL Client Transaction Certificate), and keep a note of the name as you will need it later.In the <CA URL> field enter "None"
Fill in the address details part of the form and press <ok>.
Copy and paste the BASE 64 Request into your Seller Banks CA certificate request form.
Retrieve reply from CA and copy the Base 64 cert into the webserver form.
Select <This Server>, input a name for the cert (e.g. EE Signing Certificate), make a note of the name as you will need it later, Select Message Text and paste in the base 64 cert from the CA.
Request, Generate and Import SSL Server Certificate - Same as for End Entity Signing Cert except - do not give this certificate a !<certificate name> as the webserver will assign it `Server-Cert'.
Once you have prepared this information you are ready to perform the installation.
The Webserver's install directory - this is by default /opt/iws6.
The instance name of the webserver you want to install tooledup into. e.g. porsche.UK.Sun.Com
The virtual server name of the virtual server you want to install into e.g https-porsche.UK.Sun.Com
The certificate database password.
The directory you want to install to e.g. /opt/tooledup
The name of the Signing certificate ( the end entity signing certificate ). View from the <Manage Certificates> option in the iws6 Admin Server screen.
The name of the SSL Client certificate (view as for Signing Cert).View from the <Manage Certificates> option in the iws6 Admin Server screen.
The name of the trust anchor (view as for Signing Cert).View from the <Manage Certificates> option in the iws6 Admin Server screen.
The Oracle Database Username (For account where tooledup customer/order details will be stored).
Follow the steps below and answer the questions to install the tooledup Seller's Application.
Unpack the merchant.tar from your cdrom, for example
cp /cdrom/cdrom0/tooledup/merchant.tar /opt/iplanet/merchant
/opt/iplanet/merchant/scripts.
Type ./install to run the install script
Answer the questions that are asked by the install script.
If the webserver is not running you will get an error saying "Reconfigure Failed" this can be ignored at this stage.
Copy the oracle drivers into the directory deployment_dir/WEB-INF/lib
Log onto your oracle account and run the script install_merchant_ora.sql
An Oracle 8.17 JDBC driver needs to be installed in the WEB-INF/lib directory. This will be the same Oracle Driver installed in the Buyer and Seller banks iTTM installations in the lib3p/10 directory. The filename used might be classes12_01.zip depending on the version of Oracle you are using. Copy this driver into the WEB-INF/lib directory on the Buyers website machine.
The following is an example of installing Tooledup
----Truncated text output from the tar command----
# cd /opt/iplanet/merchant/scripts
Where is your iPlanet WebServer installation located?
What is the name of the instance your WebServer instance ?
What is the instance's virtual server called ? [ default ]
What is the full path to the directory you wish to deploy the application to ? [ /opt/iplanet/tooledup]
What is your keystore password ?
What is the nick name of the certificate you wish to sign requests with? [ Server-Cert ]
What is the nick name of the certificate you wish to use in SSL Client transactions ? [ Server-Cert ]
What is the nick name of the certificate you wish to verify responses with ?
What is the username of your oracle instance ? [ tooledup ]
What is the password for that user of your oracle instance ? [ tooledup ]
What is the hostname of your oracle instance ? [ windstorm ]
What is the network port of your oracle instance ? [ 1521 ]
What is the SID of your oracle instance ? [ ORCL ]
These are the parameters that you input
[1] The server location is [ /opt/iws6 ]
[2] The server instance is [ porsche.uk.sun.com ]
[3] The virtual server id is [ https-porsche.uk.sun.com ]
[4] The deployment directory [ /opt/iws6/deploy ]
[5] The keystore password is [ password ]
[6] The signing certificate nick name is [ End Entity Signing Cert ]
[7] The SSL signing certificate nick name is [ SSL Client Cert ]
[8] The verification certificate nick name is [ Identrus Root CA - Identrus ]
[9] The oracle user is [ gadgets ]
[10] The oracle password is [ ****** ]
[11] The oracle host is [ windstorm ]
[12] The oracle port is [ 1521 ]
[13] The oracle sid is [ ORCL ]
if these are acceptable hit [0] otherwise hit the number of the parameter you wish to change or hit [e] to leave the installation
----------------------------------------------
The directory /opt/iws6/deploy does not exist
----------------------------------------------
-------------------------------
-------------------------------
Reconfigure failure: server not running
Web application deploy successful
This installation area now contains several directories and files that are detailed below:
In order to use the Tooled up sellers application you will need a SmartCard that will be issued to you by a third party vendor that contains an end entity signing certificate that has been issued by the Sellers Bank CA.
scripts : This directory contains the install scripts and any data they need.
SQLscripts : This directory contains the SQL database creation scripts that will create the tables that tooledup needs to run.
bin : This directory contains the binaries ( shared-objects ) that tooledup needs to run.
merchant.war : This is the WAR file that contains the jarfiles and configuration that represent tooledup as an application. This WAR will automatically be deployed by the install script.
Restart the iws6 to be able to access the newly installed web application.You are now ready to run tooledup, access the url tooledup url e.g. http://porsche.UK.Sun.COM:<Port ID of WebServer>/merchant/tooledup
Figure 2-21    Sellers Website Tooled Up Welcome Screen
![]()
Make sure the server publishes the pages in the same language as the browser. For example
cp /opt/iplanet/tooledup/jsp/en /opt/iplanet/tooledup/<locale>
where <locale> is the language you are using.
Installing the CPI API (step 5)
The CPI API is delivered in the form of a tar file commonly called
This contains several directories and files that are detailed below:
<cpi_install_dir>/bin : contains scripts that will set your classpath and help you run the tools you will need. The scripts are all written for use with bourne shell.
It does not matter whether iTTM and iTPS are running during installation. However they, and all their associated components such as iAS and iWS, should be running if you need to run this component<cpi_install_dir>/lib : contains all the binaries that the CPI will need to run - this includes shared objects and jarfiles.
<cpi_install_dir>/store : This directory will be used to store your TokenKeyStore.
<cpi_install_dir>/doc : API documentation and TokenKeyTool detailed documentation.
Java 2 Enterpise Edition 1.2 or higher needs to be installed
You are now required to use TokenKeyTool. A description of this can be found in
<cpi_install_dir>/docs/TokenKeyTool.html
Before you can proceed you will need some trusted certificates. These certificates are in files that you have access to and each of the certificate files contain a single PEM format certificate. The certificates that you need will be.
- By typing help when running TokenKeyTool you can obtain details of how this should be used. To run this script type:
- <cpi_install_directory>/bin/tok.sh
C1 : The Identrus Root certificate (In the example below this is called PaymentsRootDevelopment.crt) This is referred to as the verification certificate.
C2 : The Buyer CA Certificate.(In the example below this is called StanTheMan.crt)
In order to create your store the following steps need to be performed:
- Finally you will need to issue a request for a signing certificate and import the signed response into your CertStore. You must request the full chain from your CA. In the example provided the Buyer and Seller signing Certificates are the same
Run the tok.sh script that starts the tokenkeytool.
We now illustrate this with an exampleType help to obtain details of useage
Create A Trust Domain using openstoremanager command eg openstoremanager -domainspace "file:///install_dir/store" -manager local.
Create a TokenKeyStore using the createstore command eg createstore -store identrus ( you will be prompted to give a password - please record this password ).
Import your trusted CA Certificate file using the command importtrustedcerts eg importtrustedcerts -file "filename" ( Note the quoting ).
Generate a holding key pair for your SellerCertificate using the command genkey eg genkey -dname "CN=CPI Test Cert" ( Note the quoting ).
View the key to acquire the generated alias for it using the command listkeys eg listkeys.
Request a certificate from your Seller CA using the command certreq eg certreq -alias <generated_key_alias> -dname "CN=CPI Test Cert" -file "/tmp/certrequest" ( Note the quoting ).
paste the generated Certreq into your CA and get the CA generated Base64 Certificate chain. Store it in a file called "certresponse"
Import the certificate into the database using the command importkeychain -file "/tmp/certresponse" ( Note The quoting ).
Quit the TokenKeyTool using the command quit.
Script started on Mon 24 Sep 2001 17:01:34 BST
TokenKeyTool> openstoremanager -domainspace "file:///iplanet/CPITest/store" -manager local
TokenKeyTool> createstore -store identrus
Login to JSS token Internal Key Storage Token: password
TokenKeyTool> importtrustedcerts -file "/iplanet/CPITest/store/PaymentsRootDevelopment.crt"
TokenKeyTool> importtrustedcerts -file "/iplanet/CPITest/store/StanTheManCA.crt"
TokenKeyTool> genkey -dname "CN=CPI Test Cert"
subject name: CN=CPI Test Cert
alias: 7733ad362cc3ecce#CN=CPI Test Cert
not before: 24-Sep-01 16:03:20
TokenKeyTool> certreq -alias "7733ad362cc3ecce#CN=CPI Test Cert" -dname "CN=CPI Test Cert" -file "/iplanet/CPITest/store/requestfile"
TokenKeyTool> importkeychain -file "/iplanet/CPITest/store/responsefile"
subject name: CN=CPI Test Cert
issuer name: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB
alias: 10a#CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB
issuerName: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB
not before: 24-Sep-01 16:09:23
subjectName: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB
issuerName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB
not before: 19-Sep-01 08:23:24
subjectName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB
issuerName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB
not before: 29-Aug-01 00:00:00
subject name: CN=CPI Test Cert
issuer name: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB
alias: 10a#CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB
issuerName: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB
not before: 24-Sep-01 16:09:23
subjectName: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB
issuerName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB
not before: 19-Sep-01 08:23:24
subjectName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB
issuerName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB
not before: 29-Aug-01 00:00:00
alias: 1#CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB
subjectName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB
issuerName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB
not before: 29-Aug-01 00:00:00
alias: 18#CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB
subjectName: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB
issuerName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB
not before: 19-Sep-01 08:23:24
script done on Mon 24 Sep 2001 17:12:28 BST
Now you are ready to run the test harness - you can alter the script called test.sh in the same directory as tok.sh. These can be found in the directory:
- <cpi_install_directory>/cpi/bin
- The test.sh script has parameters for what certificates need to be used. The parameters it expects are as follows.
Payment amount.
You will need to change the settings for parameters g, h, i and j.Keystore domainspace+store eg file:///<cpi_install_dir>/store#identrus
Verification certificate alias (i.e. The Identrus Root)
Seller signing certificate alias (i.e. The signing certificate)
Buyer signing certificate alias ( i.e. The signing certificate)
Once you have completed that you need to run the test program and receive a response from your TC. Before running the test script make sure jmqbroker, jmsproxy and Biab backend are all running or a Doctype error will occur. If the status field in the message ="success" then the test is successful. It looks something like the example below.
Script started on Mon 24 Sep 2001 17:30:38 BST
Init Seller [ password ] [ file:///iplanet/CPITest/store#identrus ] [ 10a#CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB ] [ 1#CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB ]
Init Buyer [ password ] [ file:///iplanet/CPITest/store#identrus ] [ 10a#CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB ] [ 1#CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB ]
*** Hostname: stantheman.uk.sun.com
----------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE Acknowledgement PUBLIC "-//IDENTRUS//ELEANOR_ACKNOWLEDGEMENT_DTD//en" "file:///bankInterface.dtd"><Acknowledgement><NIB id="NIB_88A06FA2E96D7490EF266A99F2EAE093A22E788E_1" version="2.0"><ContextInfo msggrpid="0C23BFB09A79CBB61E40E33806AAA787AA8D697A" msgid="SFI01"></ContextInfo><StartTime><LocalTime id="LocalTime_88A06FA2E96D7490EF266A99F2EAE093A22E788E_1" time="20010924163046Z"/></StartTime><MsgTime><LocalTime id="LocalTime_88A06FA2E96D7490EF266A99F2EAE093A22E788E_2" time="20010924162955Z"/></MsgTime></NIB><Signature xmlns="http://www.w3.org/2000/02/xmldsig#"><SignedInfo><Canonicaliz ationMethod Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#rsa-sha1"></SignatureM ethod><Reference URI="#NIB_88A06FA2E96D7490EF266A99F2EAE093A22E788E_1"><Transforms>< Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>D/BnXyA+JgY60Nq3hn7lxNNJlKE=</DigestValue></Reference>< Reference URI="#ContentAcknowledgement_E9019A7CF47FD5037FC6D43EDE1E08FD202981 D8_1"><Transforms><Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>CPCKfLiW7xtPWVJxDTsTm8n0/GI=</DigestValue></Reference>< Reference URI="#Response_E9019A7CF47FD5037FC6D43EDE1E08FD202981D8_1"><Transfo rms><Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>lqvTPizMdDfehbLpiHYvgi+KZZg=</DigestValue></Reference>< /SignedInfo><SignatureValue>B9UFdLMEBSBnamK4eq1NZHiG2bUNVTLN0nm6Yw4 h6uMFWRVWp76sIw0QJQcrwegyJZD2SLvmKz3uDaBy+sx+wdieq/UTEIuvOrd4TELph7 355i8hOhV3agWdpstxuqupS2PxqpkjTFGCdu1x0SGyxwvRcOXqFudxxiKDt9xYGGk=< /SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerNam e>C=GB,O=iPlanet,OU=Payments Services,CN=Payments Root</X509IssuerName><X509SerialNumber>14</X509SerialNumber></X509I ssuerSerial></X509Data></KeyInfo></Signature><CertBundle><X509Data> <X509IssuerSerial><X509IssuerName>C=GB,O=iPlanet,OU=Payments Services,CN=Payments Root</X509IssuerName><X509SerialNumber>14</X509SerialNumber></X509I ssuerSerial><X509Certificate>MIIDQzCCAqygAwIBAgIBDjANBgkqhkiG9w0BAQ UFADBTMQswCQYDVQQGEwJHQjEQMA4GA1U
3NoQTXAnM/tQSes7vANiPFskDCg1nxDW0m0dlHBTAYlGeDMOU77wxYAxwD7kn8zMrlB /uUwOEqsc=</X509Certificate></X509Data></CertBundle><ContentAcknowl edgement id="ContentAcknowledgement_E9019A7CF47FD5037FC6D43EDE1E08FD202981D8 _1"><Header xml:lang="en"><Product>xPx</Product><DocumentType>Acknowledgement</ DocumentType><Version>1.0</Version></Header><References><EleanorTra nsactionReference>39240ee9250ddcb580002120448471</EleanorTransactio nReference><SFIReference>Unknown</SFIReference></References><Acknow ledgementData><AcknowledgementType>PayInst</AcknowledgementType><St atus>SUCCESS</Status><ReasonCode>00PR00</ReasonCode><ReasonText>Req uest Received</ReasonText></AcknowledgementData></ContentAcknowledgement ><Response id="Response_E9019A7CF47FD5037FC6D43EDE1E08FD202981D8_1"><ResponseD ata>MIIE/QoBAKCCBPYwggTyBgkrBgEFBQcwAQEEggTjMIIE3zCCAQ+hgZUwgZIxCzA JBgNVBAYTAnVrMQ8wDQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxvbmRvbjEQMA4GA1
..................................
HbkMNVTiHWS6gxcBlWMo0blCXuvF571gioA4nkRsIk+aGcrSF7BJg+6hESu/sU2vTqi tSNEmtqwYvuTKaPl5XVMYRlH4zpiU838+48IzvAtUS4CyQxKfGvYHzo7cDfcQqNqy1G XQl+ldtzNVKyGf5UBPmJsJxH16X8zSX5TvxCI</ResponseData><CSCResponse><N IB id="NIB_F8C3B821A28E70139D1CC437F8340E23B42CE885_1" version="2.0"><ContextInfo msggrpid="2BAD252ABFCF8A2B3931516F0F0BC462CC92EDFE" msgid="1001349411141"></ContextInfo><StartTime><LocalTime id="LocalTime_F8C3B821A28E70139D1CC437F8340E23B42CE885_1" time="20010924162955Z"/></StartTime><MsgTime><LocalTime id="LocalTime_F8C3B821A28E70139D1CC437F8340E23B42CE885_2" time="20010924163651Z"/></MsgTime></NIB><Signature xmlns="http://www.w3.org/2000/02/xmldsig#"><SignedInfo><Canonicaliz ationMethod Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#rsa-sha1"></SignatureM ethod><Reference URI="#NIB_F8C3B821A28E70139D1CC437F8340E23B42CE885_1"><Transforms>< Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>Ou6H7IQ2U95LvkfwjW0i6DtfUE8=</DigestValue></Reference>< Reference URI="#Response_D85200FD60A1AEC4FCD7293EADA68B1D05E8DA13_1"><Transfo rms><Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>GUrLs/8UEnjBJENkoyY/cCUkFW0=</DigestValue></Reference>< /SignedInfo><SignatureValue>HOxQsKKycayWJYhXeyNdc52eWFHv3Y1Nz9CcigO JQHz+bKV9ewkeKoOSzbngYdufk1hyB8OloYprYIcpVXwKKFeQ7hP+7yC6ODQI1uv1LS Pi41PUlJH2Q5B7yMHZjyAbxpsudoxThHtOQ+i09KZVJSkO5+Xn1J0QDt8OOMSwtdM=< /SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerNam e>C=GB,O=iPlanet,OU=Payments Services,CN=Payments Root</X509IssuerName><X509SerialNumber>9</X509SerialNumber></X509Is suerSerial></X509Data></KeyInfo></Signature><CertBundle><X509Data>< X509IssuerSerial><X509IssuerName>C=GB,O=iPlanet,OU=Payments Services,CN=Payments Root</X509IssuerName><X509SerialNumber>9</X509SerialNumber></X509Is suerSerial><X509Certificate>MIIDNjCCAp+gAwIBAgIBCTANBgkqhkiG9w0BAQU FADBTMQswCQYDVQQGEwJHQjEQMA4GA1U
.....................................
nJRKnCCsg==</X509Certificate></X509Data><X509Data><X509IssuerSerial ><X509IssuerName>C=GB,O=iPlanet,OU=Payments Services,CN=Payments Root</X509IssuerName><X509SerialNumber>1</X509SerialNumber></X509Is suerSerial><X509Certificate>MIICkjCCAfugAwIBAgIBATANBgkqhkiG9w0BAQU FADBTMQswCQYDVQQGEwJHQjEQMA4GA1UEC
......................................
s7vANiPFskDCg1nxDW0m0dlHBTAYlGeDMOU77wxYAxwD7kn8zMrlB/uUwOEqsc=</X5 09Certificate></X509Data></CertBundle><Response id="Response_D85200FD60A1AEC4FCD7293EADA68B1D05E8DA13_1"><ResponseD ata>MIIE/QoBAKCCBPYwggTyBgkrBgEFBQcwAQEEggTjMIIE3zCCAQ+hgZUwgZIxCzA JBgNVBAYTAnVrMQ8wDQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxvbmRvbjEQMA4GA1
.................................
U2vTqitSNEmtqwYvuTKaPl5XVMYRlH4zpiU838+48IzvAtUS4CyQxKfGvYHzo7cDfcQ qNqy1GXQl+ldtzNVKyGf5UBPmJsJxH16X8zSX5TvxCI</ResponseData></Respons e></CSCResponse></Response></Acknowledgement>
----------------------------------------------------------------
iTPS Reinstallation
iWS 4.1 ReinstallFor those versions of software placed on an iWS 4.1
iWS 6.0 Reinstall
iTPS Backup
Make a backup copy of the iTPS installation and all its associated database tables.A list of tables can be found as follows:
select TABLE_NAME from ALL_TABLES;
To see what other tables need to be backed up please refer to "Database Check Points"
Previous Contents DocHome Index Next
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated December 03, 2001