C Creating and Importing Certificates Using the GlassFish Self-Signed Certificate Scripts

This appendix describes how to create and import certificates using the GlassFish self-signed certificate scripts. It contains the following topics:

• Installing Self-signed Certificates on Oracle Health Sciences Information Gateway CONNECT Adapter

• Installing Self-signed Certificates on Oracle Health Sciences Information Gateway CONNECT Gateway

• Avoiding a Java Security Certificate Exception

C.1 Installing Self-signed Certificates on Oracle Health Sciences Information Gateway CONNECT Adapter

Perform the following steps to install self-signed certificates on the OHIG CONNECT adapter:

1. Log in to the adapter machine.

2. Stop the application server using the following commands:

   1. > cd <glassfish_install_dir>/bin

   2. > asadmin stop-domain <domain_name>

3. Navigate to the directory <install_dir>/addons/connect/scripts using the following command:

   > cd <install_dir>/addons/connect/scripts

4. Execute create-and-import-selfsigned-certs.sh to install the self-signed certificate.

   > sh create-and-import-selfsigned-certs.sh

   This performs the following:

   • creates the keystore for the private internal key

   • exports the certificate that will authenticate the internal key

   • imports the trusted certificates into the truststore

   • provides these certificates to the server to use for authentication purposes

5. Install the certificates from the other components that will communicate with the Adapter (Gateway, OHMPI, HPE, HPM, HRL, HTB, and so on).

6. Copy the certificate of the component machine <COMPONENT_HOSTNAME.cer> to the <glassfish_install_dir>/domains/<domain_name>/config folder.

7. Navigate to and execute <install_dir>/addons/connect/scripts/import-others-cert.sh. When prompted by the scripts, enter the machine hostname (it should match the cert file you copied to the config folder without .cer suffix).

   > bash import-others-cert.sh

C.2 Installing Self-signed Certificates on Oracle Health Sciences Information Gateway CONNECT Gateway

Perform the following steps to install self-signed certificates on the OHIG CONNECT gateway:

1. Log in to the gateway machine.

2. Stop the application server using the following commands:

   1. > cd <glassfish_install_dir>/bin

   2. > asadmin stop-domain <domain_name>

3. Navigate to the directory <install_dir>/addons/connect/scripts using the following command:

   > cd <install_dir>/addons/connect/scripts

4. Execute create-and-import-selfsigned-certs.sh to install the self-signed certificate.

   > sh create-and-import-selfsigned-certs.sh

   This performs the following:

   • creates the keystore for the private internal key

   • exports the certificate that will authenticate the internal key

   • imports the trusted certificates into the truststore

   • provides these certificates to the server to use for authentication purposes

5. Install the adapter machine certificate.

6. Copy the adapter machine certificate of <ADAPTER_ HOSTNAME.cer> to the <glassfish_install_dir>/domains/<domain_name>/config folder.

7. Navigate to and execute <install_dir>/addons/connect/scripts/import-others-cert.sh. When prompted by the scripts, enter the adapter machine hostname (it should match with the cert file you copied to the config folder without .cer suffix).

   > bash import-others-cert.sh

C.3 Avoiding a Java Security Certificate Exception

To avoid a java.security.cert.CertificateException you must ensure that your OHIM host names are not fully qualified.

To Make the Hostname Not Fully Qualified

1. Set the OHIM and OHIG host names to be not fully qualified.

2. Add aliases for all hosts.

3. Regenerate and reimport the certificates.

4. Restart all the servers.

5. Test that you do not have a Java security certificate exception.