Oracle supplies self-generated security certificates to be used with HTTPS/SSL ports. During installation, STA uses the Java keytool to generate a certificate on the STA server, using the server hostname. You can optionally replace the Oracle certificate with your own approved certificate from a selected certificate authority (for example, VeriSign).
If you want to use a different security certificate than the default, perform these procedures in the order listed.
Note:
These procedures use Mozilla Firefox running on a Windows platform.
Start a supported Web browser on your computer and enter the HTTPS/SSL version of the URL for the STA application.
https://STA_host_name:port_number/STA/
Where:
STA_host_name is the hostname of the STA server.
port_number is the STA port number you specified during installation. The default HTTP port is 7021; the default HTTPS port is 7022.
STA must be uppercase.
For example:
https://staserver.example.com:7022/STA/
The Connection is Untrusted screen appears.
Select I Understand the Risks, and then click Add Exception.
The Add Security Exception screen appears.
Click View.
The Certificate Viewer screen appears. The certificate is not shown as verified because it is not from a certificate authority.
To examine the certificate, click the Details tab.
In the Certificate Fields panel, select issuer. Following is a sample display. CN indicates the server name on which the certificate was generated.
CN = staserver.example.com
OU = Tape Systems
O = Oracle America Inc
L = Redwood City
ST = California
C = USA
Click Close to return to the Add Security Certificate screen.
Select Confirm Security Exception.
The certificate is added to the STA server, and you can now use HTTPS with the certificate.
Start a supported Web browser on your computer.
In the Location Bar or Address field, enter the URL of the WebLogic Administrator console. The URL uses one of the following formats:
http://local_host_name:port_number/console
https://local_host_name:port_number/console
where local_host_name and port_number are the name and port number of the WebLogic Administrator console defined during STA installation. The default HTTP port number is 7019, and the default HTTPS port number is 7020. For example:
https://sta_server:7020/console
On the Welcome screen, enter the WebLogic Administration console username and password defined during STA installation, and then click Login.
The WebLogic Server Administration Console Home page appears.
In the Domain Structure section, select Environment, and then select Servers.
In the Servers table, select the staUi active link (select the name itself, not the check box).
Select the Keystores tab.
In the Change Center section, click Lock & Edit.
In the Keystores section, click Change.
In the Keystores menu, select Custom Identity and Java Standard Trust.
Click Save.
Complete the Keystores screen as follows:
Custom Identity Keystore—Path and file of the private key file.
Custom Identity Keystore Type—Keystore type. If configuring for RACF authentication, enter PKCS12.
Custom Identity Keystore Passphrase—Password supplied by the MVS system administrator.
Java Standard Trust Keystore Passphrase—New password for the Java Standard Trust Keystore file.
Caution:
If you forget these passwords, you must re-install STA.
Click Save.
Select the SSL tab.
Enter the Private Key Alias and Private Key Passphrase supplied by the MVS system programmer.
Note:
To determine the Private Key Alias, use the keytool command at the system command line. For example:
# keytool -list -keystore CLTBI.PKCS12DR.D080411 -storetype PKCS12
Enter keystore password: (password from the MVS sysadmin)
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 1 entry
tbiclient, Aug 17, 2011, PrivateKeyEntry,
Certificate fingerprint (MD5): 9A:F7:D1:13:AE:9E:9C:47:55:83:75:3F:11:0C:BB:46
Click Save.
In the Trusted Certificate Authorities section, click Advanced.
Complete the Advanced section of the SSL screen as follows:
Use Server Certs—Select the check box.
Two Way Client Cert Behavior—Select Client Certs Requested But Not Enforced.
Inbound Certificate Validation—Select Builtin SSL Validation Only.
Outbound Certificate Validation—Select Builtin SSL Validation Only.
Click Save.
In the Change Center section, click Activate Changes.
Log out of WebLogic.
Stop all STA services. See the STA Administration Guide for command usage details.
# STA stop all
Stopping the staui service......
Successfully stopped the staui service
Stopping the staadapter service......
Successfully stopped the staadapter service
Stopping the staengine service......
Successfully stopped the staengine service
Stopping the weblogic service......
Successfully stopped the weblogic service
Stopping the staservd Service...
Successfully stopped staservd service
Stopping the mysql service.....
Successfully stopped mysql service
#
Start all STA services.
# STA start all
Starting mysql Service..
mysql service was successfully started
Starting staservd Service.
staservd service was successfully started
Starting weblogic Service......
weblogic service was successfully started
Starting staengine Service.........
staengine service was successfully started
Starting staadapter Service..........
staadapter service was successfully started
Starting staui Service..........
staui service was successfully started
#
Start a supported Web browser on your computer and enter the HTTPS/SSL version of the URL for the STA application.
https://STA_host_name:port_number/STA/
Where:
STA_host_name is the hostname of the STA server.
port_number is the STA port number you specified during installation. The default HTTP port is 7021; the default HTTPS port is 7022.
STA must be uppercase.
For example:
https://staserver.example.com:7022/STA/
Select I Understand the Risks on the This Connection is Untrusted screen.
Click Add Exception.
To specify a certificate for your organization, click Get Certificate on the Add Security Certificate screen and select the appropriate file.
Click Confirm Security Exception.
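Before confirming the exception, you can check from the command line whether the certificate on the STA HTTPS port names the host in the URL, and whether it is still the installer-generated certificate (issuer equal to subject) or one issued by a certificate authority. The following shell functions are an added example, not part of the Oracle documentation; they assume openssl is installed, and the helper names check_sta_cert and dn_cn and the CA-issued sample are constructed for illustration.

```sh
#!/bin/sh
# Added example; check_sta_cert and dn_cn are hypothetical helper names.
# stdin: the two lines from  openssl x509 -noout -subject -issuer -nameopt RFC2253

# Print the CN attribute of one "subject=..." or "issuer=..." line.
dn_cn() {
    printf '%s\n' "$1" | awk '{
        sub(/^[a-z]+=/, "")                 # drop the subject=/issuer= label
        n = split($0, rdn, ",")             # assumes no escaped commas in the DN
        for (i = 1; i <= n; i++)
            if (rdn[i] ~ /^CN=/) { print substr(rdn[i], 4); exit }
    }'
}

# Print a verdict for the presented certificate; return 0 only for "ca-issued".
check_sta_cert() {
    expected_host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    subject='' issuer=''
    while IFS= read -r line; do
        case $line in
            subject=*) subject=$line ;;
            issuer=*)  issuer=$line ;;
        esac
    done
    if [ -z "$subject" ] || [ -z "$issuer" ]; then
        echo "no-certificate"; return 2
    fi
    # CN only, the field the page points to; browsers also consult subjectAltName.
    cn=$(dn_cn "$subject" | tr 'A-Z' 'a-z')
    [ "$cn" = "$expected_host" ] || { echo "hostname-mismatch"; return 1; }
    # Same DN on both lines is the pattern of the installer-generated certificate.
    [ "${subject#subject=}" != "${issuer#issuer=}" ] || { echo "self-signed"; return 1; }
    echo "ca-issued"
}

# Constructed samples; the first reuses the issuer shown in the Certificate Viewer step.
SELF_SIGNED_SAMPLE='subject=CN=staserver.example.com,OU=Tape Systems,O=Oracle America Inc,L=Redwood City,ST=California,C=USA
issuer=CN=staserver.example.com,OU=Tape Systems,O=Oracle America Inc,L=Redwood City,ST=California,C=USA'
CA_ISSUED_SAMPLE='subject=CN=staserver.example.com,O=Example Corp,C=US
issuer=CN=Example Issuing CA,O=Example Corp,C=US'

# Demo on the constructed self-signed sample.
printf '%s\n' "$SELF_SIGNED_SAMPLE" | check_sta_cert staserver.example.com || true
# Against a live server (hostname and port from the page's example URL):
#   openssl s_client -connect staserver.example.com:7022 </dev/null 2>/dev/null |
#     openssl x509 -noout -subject -issuer -nameopt RFC2253 |
#     check_sta_cert staserver.example.com
```

A "self-signed" verdict after the WebLogic keystore change and service restart means the server is still presenting the original certificate rather than the replacement.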