Exchanging Certificates Between EnterpriseOne Servers

An EnterpriseOne system typically includes an architecture with multiple EnterpriseOne servers installed on different machines, for example an EnterpriseOne HTML Server on one machine and an EnterpriseOne AIS Server on a different machine. In this case, to establish SSL between servers on different machines, you need to import the certificate of each machine into the other machine's keystore.

Recommendation: To avoid having to determine which servers are in direct communication, you can simply import the certificates from each machine's keystore into the keystore of all server machines in your EnterpriseOne configuration. This will eliminate any gaps in your SSL implementation.

For detailed steps on how to import a certificate into a keystore on Oracle WebLogic Server, see "Importing Certificates into the Trust and Identity Stores" in the Oracle Fusion Middleware Administering Security for Oracle WebLogic Server Guide.

For detailed steps on how to import a certificate into a keystore on IBM WebSphere Application Server, refer to the following site:

https://www.ibm.com/support/knowledgecenter/en/SSEQTP_8.5.5/com.ibm.websphere.base.iseries.doc/ae/tsec_sslconfiguration.html

The figure "Establishing SSL Communication Between Managed Servers on Different Machines" shows an example of certificates exchanged between two machines. Machine A has an application server with two managed servers: an EnterpriseOne HTML Server and an Oracle ADF Server. Machine B has an application server running the EnterpriseOne AIS Server. To establish SSL communication between these servers, a single certificate (Cert A) for the managed servers on Machine A was imported into the keystore on Machine B. The certificate (Cert B) for the managed server on Machine B was imported into the keystore on Machine A.

Establishing SSL Communication Between Managed Servers on Different Machines
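
The Cert A / Cert B exchange described above can be scripted with the JDK keytool utility. This is an added example, not taken from the Oracle guide: it assumes the keystores are Java keystores managed with keytool, and the function names, keystore paths, aliases, and the STOREPASS environment variable are hypothetical. It exports only the public certificate and refuses to import a certificate whose SHA-256 fingerprint does not match the value read on the source machine.

```shell
#!/bin/sh
# Added example: exchange public certificates between server keystores.
# Assumptions (not from the guide): keystore paths, aliases, and the
# STOREPASS environment variable holding the keystore password.

# Export the public certificate (never the private key) in PEM form.
# usage: export_cert <keystore> <alias> <out.pem>
export_cert() {
    keytool -exportcert -rfc -keystore "$1" -alias "$2" -file "$3" \
        -storepass:env STOREPASS
}

# Print the SHA-256 fingerprint of a certificate file.
# usage: cert_fingerprint <cert.pem>
cert_fingerprint() {
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256: *//p'
}

# Import a certificate as a trusted entry, but only if its fingerprint
# matches the one obtained out of band from the source machine.
# usage: import_cert <keystore> <alias> <cert.pem> <expected-sha256>
import_cert() {
    actual=$(cert_fingerprint "$3")
    if [ -z "$actual" ] || [ "$actual" != "$4" ]; then
        echo "fingerprint mismatch for $3: not importing" >&2
        return 1
    fi
    keytool -importcert -noprompt -keystore "$1" -alias "$2" -file "$3" \
        -storepass:env STOREPASS
}

# Typical sequence (placeholder paths and aliases):
#   On Machine A:  export_cert /path/to/machineA.jks certA certA.pem
#                  cert_fingerprint certA.pem      # note the value
#   Copy certA.pem to Machine B, then on Machine B:
#                  import_cert /path/to/machineB.jks certA certA.pem "<value>"
#   Repeat in the other direction for Cert B.
```

Passing the password with `-storepass:env` keeps it out of the process argument list. After importing, restart or refresh the application server as described in the vendor documentation linked above.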