Skip Headers
StorageTek Tape Analytics Installation and Configuration Guide
Release 2.0.1
E41585-03
  Go To Table Of Contents
Contents		 Go To Index
Index
Previous
Previous 		 Next
Next		  

8 Configuring Certificates

Oracle supplies self-generated certificates to be used with HTTPS/SSL Ports. During installation, STA generates a certificate using the Java keytool and creates it on your server using your server hostname. You can optionally replace the Oracle certificate with your own approved certificate from a selected certificate authority (for example, VeriSign).


Note:

The following procedures use Mozilla Firefox running on a Windows platform.

8.1 Establishing the Initial HTTPS/SSL Connection

  1. Enter the HTTPS/SSL version of the URL for the STA application on the browser.

    https://your_localhost.com:port number/STA/

  2. Select I Understand the Risks, and then Add Exception.

  3. Click View on the Add Security Certificate screen.

    You then see the Certificate Viewer: your_localhost screen. The certificate is not shown as verified because it is not from a certificate authority.

    You can examine the certificate further on the Certificate Viewer screen by clicking the Details tab and selecting the issuer field. The variables you may see include:

    • CN = The hostname of the server that the STA application has been installed on. For example,

      Common Name (CN) your server name

    • OU = Tape Systems

    • O = Oracle America Inc

    • L = Redwood City

    • ST = California

    • C = USA

    The variable field CN is the server name that the certificate was generated on.

  4. Click Close to return to the Add Security Certificate screen.

  5. Select Confirm Security Exception on the Add Security Certificate screen, and you will be able to use HTTPS with the proper certificate.

8.2 Reconfigure WebLogic to use a Different Security Certificate

  1. Go to the WebLogic console login screen using the HTTP (default is 7001) or HTTPS (default is 7002) port number you selected during STA installation.

    http(s)://yourHostName:PortNumber/console/

  2. Log in using the WebLogic Admin Console username and password you defined during STA installation.

  3. Under Domain Structure > Environment, select Servers.

    Shows the location of the Servers option

  4. Under Servers, select staUi (select the name itself, not the check box).

    Shows the location of the staUi link

  5. Select the Keystores tab.

    Shows the location of the Keystores tab

  6. Under Change Center (top left of screen), click Lock & Edit.

    Shows the location of the Lock & Edit button

  7. In the Keystores section, click Change.

    Shows the location of the Change button

  8. In the Keystores drop-down menu, select Custom Identity and Java Standard Trust.

  9. Click Save.

  10. On the Keystores screen, enter:

    1. Custom Identity Keystore: the path and file of the private key file.

    2. Custom Identity Keystore Type: the keystore type. If configuring for RACF authentication, enter PKCS12.

    3. Custom Identity Keystore Passphrase: the password supplied by the MVS system administrator.

    4. Java Standard Trust Keystore Passphrase: the new password for the Java Standard Trust Keystore file.


    Caution:

    If you forget these passwords, you must re-install STA.

  11. Click Save.

  12. Select the SSL tab.

    Shows the location of the SSL tab

  13. Enter the Private Key Alias and Private Key Passphrase supplied by the MVS system programmer.

    To determine the Private Key Alias, use the keytool command. For example:

    C:\Temp>keytool -list -keystore CLTBI.PKCS12DR.D080411 -storetype PKCS12
Enter keystore password: (password from the MVS sysadmin)
Keystore type: PKCS12
Keystore provider: SunJSSE

Your keystore contains 1 entry

tbiclient, Aug 17, 2011, PrivateKeyEntry,
Certificate fingerprint (MD5): 9A:F7:D1:13:AE:9E:9C:47:55:83:75:3F:11:0C:BB:46

  14. Click Save.

  15. Select the Advanced link (bottom of screen).

    Shows the location of the Advanced link

  16. Modify the following information:

    1. Select the Use Server Certs check box.

    2. From the Two Way Client Cert Behavior list, select Client Certs Requested But Not Enforced.

    3. Select Builtin SSL Validation Only from both the Inbound Certification Validation and Outbound Certificate Validation lists.

  17. Click Save.

  18. Under the Change Center (top left of screen), click Activate Changes.

    Shows the location of the Activate Changes button

  19. Log out of WebLogic.

  20. Stop and restart STA with the STA command. For information on command usage, see the STA Administration Guide.

    # STA stop all
# STA start all

8.3 Replace the Oracle Certificate

  1. Enter the HTTPS/SSL version of the URL for the STA application on the browser.

    https://your_localhost.com:port number/STA/

  2. Select I Understand the Risks on the This Connection is Untrusted screen.

  3. Click Add Exception.

  4. To specify a certificate for your organization, click Get Certificate on the Add Security Certificate screen and select the appropriate file.

  5. Click Confirm Security Exception.

  Previous
Previous 		 Next
Next
  Go To Table Of Contents
Contents		 Go To Index
Index