| Agile Product Lifecycle Management Security Guide Release 9.3.4 E52156-05 |
|
 Previous |
 Next |
The checklists in this section list the main tasks needed to configure Web Services security. It includes configuration steps for SSL setup described in Chapter 4, "Performing a Secure Agile PLM Installation" and WSS setup that is described in Chapter 7, "Enabling Security for Web Services".
Table B-1 Checklist for A9 and FM Web Services Security Setup Tasks
| Task | Complete? | Comments |
|---|---|---|
|
Create A9 Keystore(jks) and SSL key |
||
|
Export A9 SSL certificate |
||
|
Create A9 trust store and import A9 SSL certificate |
||
|
Enable SSL port in Weblogic console |
||
|
Configure keystore and trust store in Weblogic console |
||
|
Select SSL key as SSL Private key in Weblogic console |
||
|
Enable Security using wssconfugrator |
||
|
Export Demo CA certificate using wssconfigurator |
||
|
Create FM Keystore and SSL key |
||
|
Export FM SSL certificate |
||
|
Import A9 SSL certificate in FM keystore |
||
|
Import FM SSL certificate in A9 keystore |
||
|
Change Server.xml to enable SSL |
||
|
Change Server.conf to use https protocol and SSL ports |
||
|
Change Java Client Web Server URL to HTTPS and change Port to SSL |
||
|
Import AgileWssSignKey into FM keystore |
||
|
Import a9-democa-cert into FM Keystore |
||
|
Generate FM SAML key |
||
|
Export FM SAML cert |
||
|
Create Base64 of FM SAML certificate |
||
|
Import Base64 FM SAML cert into A9 using wssconfigurator |
||
|
Create Trust Issuer using wssconfigurator |
Table B-2 Checklist for DFM Configuration Tasks
| Task | Complete? | Comments |
|---|---|---|
|
Create DFM Keystore and SSL key |
||
|
Export DFM SSL certificate |
||
|
Change DFM server.conf with appropriate URLs |
||
|
Import A9 and all FM SSL certificates (All FM, DFM1, DFM2, IFS, and so on) |
||
|
Import all FM SAML keys into DFM keystore (if SAML key is different in all FMs) |
||
|
Import DFM SSL certificates into A9 trust store and All FMs ke |
||
|
Create Trust issuer if different SAML key is used |
||
|
Update Issuer Name in server.conf |
