StorageTek Automated Cartridge System Library Software Installation Guide
Release 8.3
E48579-06

A Configuring an SSL Encryption Key

The ACSLS GUI uses the https transport protocol for network transactions between the WebLogic server and client browsers. With https, communication is secured by the cryptographic protocol SSL (now TLS). When a client browser initially contacts the server, a set of keys is exchanged between client and server. These are used to encrypt and decrypt subsequent secure exchanges between the two nodes.

When you install WebLogic on your ACSLS server, a simple 512-bit public key is automatically available to support basic https exchanges with client browsers. Normally, no further configuration should be necessary. However, some browsers, notably Microsoft Internet Explorer, require a longer key of no less than 1024 bits.

This section explains how to create a custom SSL key for your WebLogic server.

  1. Generate a keystore database of cryptographic keys.

    1. As root user, source the basic acsls environmental variables.

      . /var/tmp/acsls/.acsls_env
      
    2. Define keystore parameters:

      keyPath=$installDir/Oracle/Middleware/wlserver_10.3/server/lib
      keyStore=acslsKeyStore.jks
      myPw=<enter a desired password here>
      
    3. Generate the public/private encryption key pair and digital certificate. Place them in the keyStore.

      keytool -genkeypair -alias selfsigned \
      -keystore "$keyPath/$keyStore" -keyalg RSA \
      -storepass "$myPw"  -validity 7300  -keysize 2048
      

      This produces a certificate valid for 7300 days (20 years) with an encryption key that is 2048 bits in length.

      The keytool prompts you with the following questions. The answers you give are written to a certificate that can be displayed on a remote browser any time the ACSLS GUI user is asked to confirm the authenticity of the HTTPS connection.

      What is your first and last name?
        [Unknown]:  ACSLS Library Server
      
      What is the name of your organizational unit?
        [Unknown]:  Tape Library Services
      
      What is the name of your organization?
        [Unknown]:  Our Organization
      
      What is the name of your City or Locality?
        [Unknown]:  Our Town
      
      What is the name of your State or Province?
        [Unknown]:  Our Province?
      
      What is the two-letter country code for this unit?
        [Unknown]:  CA
      

      When prompted for a password, simply press return to use the value for $myPw that you set in step 1, sub-step 2.

      The tool summarizes the parameters you submitted and asks you to confirm (yes/no) that the parameters are correct.

  2. Configure WebLogic to use the newly-generated keyStore.

    1. Log on to the WebLogic console as 'acsls_admin' using the acsls_admin password.

      http://acsls_server:7001/console

    2. In the top-left corner of the console's main page, click the Lock & Edit button.

    3. Just below the Lock & Edit button, you see 'Domain Structure'. Select Environment under the 'AcslsDomain'.

    4. From the 'Summary of Environment' frame, click Servers.

    5. From the 'Summary of Servers', select the Configuration tab and click AdminServer(admin) from the Servers table.

    6. From the 'Settings for AdminServer' frame, select the Keystores tab.

    7. In the Keystores niche, click the Change button and select Custom Identity and Custom Trust. Click Save.

    8. In the 'Custom Identity Keystore' text box, enter the path to the keyStore.jks file using the $keyPath/$keyStore values that you defined in step 1, sub-step 2 above. Leave the 'Custom Identity Keystore Type' text box empty.

    9. In the 'Custom Identity Keystore Passphrase' text box, enter the password that you defined as $myPw in step 1, sub-step 2 above.

    10. Confirm the Custom Identity Keystore Passphrase in the next text box.

    11. In the 'Custom Trust Keystore' text box, enter the full path to the acslsKeyStore.jks file using the $keyPath/$keyStore values that you entered in step 2, sub-step 8. Leave the 'Custom Trust Keystore Type' text box empty.

    12. In the 'Custom Trust Keystore Passphrase' text box, enter the same password you defined in step 2, sub-step 9. Enter confirmation of that password in the remaining text box.

    13. Click Save. Observe the verification message at the top of the page.

    14. Select the SSL tab in the 'Settings for Administrator' frame.

    15. In 'Identity and Trust Locations' make sure that 'Keystores' is selected. Click Change to correct the setting if necessary.

    16. In the 'Private Key Alias' text box, enter selfsigned.

    17. In the 'Private Key Passphrase' text box, enter the same password you defined as $myPw in step 1, sub-step 2 above. Confirm using the same password in the remaining text box.

    18. Click Save. Look for the green verification message at the top of the page.

    19. Click the Activate Changes button in the top-left corner of the page. Observe the verification message at the top of the page.
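
One way to check the keystore produced in step 1 before entering its path, passphrase and alias in the WebLogic console in step 2. This is an added example, not part of the Oracle guide: the function names are hypothetical, and it assumes keytool is on the PATH and labels the key entry "PrivateKeyEntry".

```shell
#!/bin/sh
# Added example (not from the Oracle guide): sanity checks for the
# keystore generated in step 1, run as root before step 2.

# Succeeds only if $1 is a regular file with no access for "other".
# The keystore holds the server's private key; the owner or group must
# still include the account that WebLogic runs as.
keystore_perms_ok() {
    [ -f "$1" ] || return 2
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        -??????---) return 0 ;;
        *)          return 1 ;;
    esac
}

# keytool rejects keystore passwords shorter than 6 characters; also
# catch the unedited "<enter a desired password here>" placeholder.
password_ok() {
    case $1 in
        '<'*'>') return 1 ;;
    esac
    [ "${#1}" -ge 6 ]
}

# Succeeds if the alias exists in the keystore as a private key entry.
# Assumption: keytool prints "PrivateKeyEntry" for such entries.
keystore_has_key() {   # usage: keystore_has_key FILE PASSWORD ALIAS
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null |
        grep 'PrivateKeyEntry' >/dev/null
}

# Runs all three checks; prints the first failure and returns non-zero.
check_keystore() {     # usage: check_keystore FILE PASSWORD [ALIAS]
    password_ok "$2" ||
        { echo "password too short or still the placeholder"; return 1; }
    keystore_perms_ok "$1" ||
        { echo "missing, or accessible to other users: $1"; return 1; }
    keystore_has_key "$1" "$2" "${3:-selfsigned}" ||
        { echo "alias not found as a private key entry"; return 1; }
    echo "keystore OK: $1"
}

# Typical call, with the variables defined in step 1:
#   check_keystore "$keyPath/$keyStore" "$myPw" selfsigned
```

A failure on the alias check means the value entered in the 'Private Key Alias' text box would not match any key in the keystore.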