7 Enabling SSL for HTTPS

This chapter provides the following procedures for configuring the CASD connector to use the HTTPS protocol:

7.1 Installing a Self-Signed Certificate

To generate and install a self-signed SSL certificate for the CASD adapter:

  1. Open a command prompt window and change the working directory to the adapters/conf directory in the CASD adapter installation directory.

  2. Execute the following command to delete the default SSL entry for the CASD adapter.

    • Unix:

      $JAVA_HOME/bin/keytool -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      
    • Windows:

      "%JAVA_HOME%\bin\keytool" -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      
  3. Enter the following command to generate a new certificate and place it in the adapter keystore. You will need to replace <hostname> with the host name or IP address of the system where the CASD adapter is installed.

    • Unix:

      $JAVA_HOME/bin/keytool -genkey -alias iwave -keyalg RSA -keysize 1024 -dname "CN=<hostname>, OU=Development, O=iWave Software, L=Frisco, ST=TX, C=US" -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      
    • Windows:

      "%JAVA_HOME%\bin\keytool" -genkey -alias iwave -keyalg RSA -keysize 1024 -dname "CN=<hostname>, OU=Development, O=iWave Software, L=Frisco, ST=TX, C=US" -keypass iwavepw -storepass iwavepw -keystore keystore.jks
      

7.2 Installing a Certificate from a Certificate Authority

To request and install a signed SSL certificate for the CASD adapter:

  1. Request a certificate for the CASD adapter from a Certificate Authority, such as VeriSign.

    Note:

    In the certificate request, make sure to specify the host name or IP address of the system where the CASD adapter is installed. The host name in the certificate must match the host name or IP address the adapter uses. If they do not match, the adapter cannot function.

  2. After you obtain the certificate from the Certificate Authority, perform the following steps to install the certificate:

    1. Open a command prompt window and change the working directory to the adapters/conf directory in the CASD adapter installation directory.

    2. Enter the following command to install the certificate, where <certificateFile> is the full path name of the file provided by the Certificate Authority:

      • Unix:

        $JAVA_HOME/bin/keytool -importcert -alias iwave -file <certificateFile> -keypass iwavepw -storepass iwavepw -keystore keystore.jks
        
      • Windows:

        "%JAVA_HOME%\bin\keytool" -importcert -alias iwave -file <certificateFile> -keypass iwavepw -storepass iwavepw -keystore keystore.jks
        

7.3 Importing the Adapter Certificate into Enterprise Manager

To import the adapter SSL certificate into the Enterprise Manager keystore:

  1. Open a command prompt window and change the working directory to the adapters/conf directory in the CASD adapter installation directory.

  2. Enter the following command to extract the SSL certificate from the CASD adapter keystore and place it in the CASDws.cer certificate file:

    • Unix:

      $JAVA_HOME/bin/keytool -exportcert -rfc -alias iwave -file CASDws.cer -keystore keystore.jks -storepass iwavepw
      
    • Windows:

      "%JAVA_HOME%\bin\keytool" -exportcert -rfc -alias iwave -file CASDws.cer -keystore keystore.jks -storepass iwavepw
      
  3. Transfer the certificate file CASDws.cer to the system where Enterprise Manager is installed.

  4. Append the contents of the CASDws.cer file to:

    $INSTANCE_HOME/sysman/config/b64LocalCertificate.txt
    
    • Only append the following lines to the b64LocalCertificate.txt file (that is, do not include blank lines or comments or any other special characters):

      -----BEGIN CERTIFICATE-----
      <<<Certificate in Base64 format>>>
      -----END CERTIFICATE-----
      
  5. Restart the OMS by entering the following commands:

    emctl stop oms
    emctl start oms
    

Note:

Do not run the emctl secure oms/agent command after adding the external certificate to the b64LocalCertificate.txt file. If you run the emctl secure command later, repeat steps 4 and 5 to make sure the external certificate exists in the b64LocalCertificate.txt file.
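The append in step 4 of section 7.3, and its repetition after a later emctl secure run as described in the note above, can be scripted so that only the certificate block is written and it is never written twice. This is an added example, not part of the original procedure or of Oracle's tooling; the function names pem_block, append_cert and demo are hypothetical, and the sample data is constructed placeholder text rather than a real certificate.

```shell
#!/bin/sh
# Added example, not Oracle tooling; function names are hypothetical.

# Print only the PEM block(s) in file $1: strips carriage returns, blank
# lines, surrounding whitespace and anything outside the BEGIN/END markers.
pem_block() {
    tr -d '\r' < "$1" | awk '
        /^[ \t]*-----BEGIN CERTIFICATE-----[ \t]*$/ { inside = 1 }
        inside { gsub(/^[ \t]+|[ \t]+$/, ""); if ($0 != "") print }
        /^-----END CERTIFICATE-----$/ { inside = 0 }'
}

# Append the certificate in $1 to trust file $2 unless it is already there.
append_cert() {
    block=$(pem_block "$1")
    # Require a complete block: BEGIN line, at least one body line, END line.
    [ "$(printf '%s\n' "$block" | wc -l)" -ge 3 ] &&
        [ "$(printf '%s\n' "$block" | tail -n 1)" = "-----END CERTIFICATE-----" ] ||
        { echo "no complete certificate in $1" >&2; return 1; }
    flat=$(printf '%s' "$block" | tr -d '\n')
    if [ -f "$2" ]; then
        case "$(tr -d '\r\n' < "$2")" in
            *"$flat"*) echo "already present in $2"; return 0 ;;
        esac
        # Ensure the existing file ends with a newline before appending.
        [ -z "$(tail -c 1 "$2")" ] || echo >> "$2"
    fi
    printf '%s\n' "$block" >> "$2"
}

# Demo on constructed files (placeholder base64, not real certificates).
demo() {
    d=$(mktemp -d)
    printf '# exported copy\r\n\r\n-----BEGIN CERTIFICATE-----\r\nQ09OU1RSVUNURUQ=\r\n-----END CERTIFICATE-----\r\n\r\n' > "$d/CASDws.cer"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'RVhJU1RJTkc=' \
        '-----END CERTIFICATE-----' > "$d/b64LocalCertificate.txt"
    append_cert "$d/CASDws.cer" "$d/b64LocalCertificate.txt"
    append_cert "$d/CASDws.cer" "$d/b64LocalCertificate.txt"   # no-op
    wc -l < "$d/b64LocalCertificate.txt"                       # line count
    rm -rf "$d"
}

# With two arguments: <CASDws.cer> <b64LocalCertificate.txt>; otherwise demo.
if [ "$#" -eq 2 ]; then append_cert "$1" "$2"; else demo; fi
```

Back up b64LocalCertificate.txt before running it against the real file, and restart the OMS afterwards as in step 5.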