1. Deploying JD Edwards EnterpriseOne on Oracle Cloud Infrastructure on Linux with Autonomous Database Learning Path
  2. Regenerating and Reinstalling Self-Signed Certificates for One-Click Provisioning

Regenerating and Reinstalling Self-Signed Certificates for One-Click Provisioning

This section shows you how to regenerate and reinstall Self-Signed Certificates for One-Click Provisioning.

The deployment of JD Edwards EnterpriseOne One-Click Provisioning includes temporary self-signed certificates. By design, these certificates are set to expire at one-year intervals from when they were generated.
Important: After self-signed certificates are expired, Oracle strongly recommends that you generate and install your own CA certificates as described in this section. These must be certificates that are verified by a verified CA authority such as Entrust and Symantec Corporation.

Prerequisite

You must have an installation of Java Keystore.

Generating Self-Signed Certificates on Linux

Use this procedure to generate self-signed certificates on Linux.

  1. Log into Provisioning Server.
  2. Run the following commands (where each bulleted item is one contiguous line):
    • sudo -i
    • mv /u01/jde920/.vm_unconfigured /u01/jde920/vm_unconfigured
    • /u01/jdk1.8.0/jre/bin/keytool -delete -alias cert -keystore "/u01/jdk1.8.0/jre/lib/security/cacerts" -storepass *****
    • /u01/CertGen/ConfigureCertKey_CC.sh
    • /u01/CertGen/ConfigureCertKey_SMC.sh <WebLogic Admin Password>
    • mv /u01/jde920/vm_unconfigured /u01/jde920/.vm_unconfigured
    Note:
    • The storepass value ***** in above commands is the WebLogic Admin password.
    • The generated cert.pem file is located in: /u01/E1CloudConsole/keys
    • The log file path is: /var/log

Importing the Self-Signed Certificate into Target Machines on Linux

The self-signed certificate file that you generated in the previous steps must be imported into these target machines that were deployed by JD Edwards EnterpriseOne One-Click Provisioning:

  • HTML Server
  • Enterprise Server
  • Oracle Database Server

HTML Server

Use this procedure to import the self-signed certificate into the HTML Server.

  1. Run this command:

    sudo -i

  2. Get the cert.pem file from Provisioning Server, which you generated in the previous procedure in this section entitled: "Generating Self-Signed Certificates on Linux".

  3. Use this command is determine if a certificate with an alias of smcert is already imported to jdk/jre/lib/security/cacerts, where this command is a single contiguous line:

    /u01/jde_home/SCFHA/jdk/jre/bin/keytool -list -v -alias smcert -keystore "/u01/jde_home/SCFHA/jdk/jre/lib/security/cacerts" -storepass *****

    If the results of the above command indicate that an alias of smcert certificate is already imported to the JDK/JRE lib location, use this command to remove it, where this command is a single contiguous line:

    /u01/jde_home/SCFHA/jdk/jre/bin/keytool -delete -file cert.pem -alias smcert -keystore "/u01/jde_home/SCFHA/jdk/jre/lib/security/cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the default password for Java trustStore.

  4. Use these commands to import the certificate that you generated in the previous procedure of this section entitled: "Generate Self-Signed Certificates" to /u01/jde_home/SCFHA/jdk, where each command is a single contiguous line:

    /u01/jde_home/SCFHA/jdk/jre/bin/keytool -import -file cert.pem -alias smcert -keystore "/u01/jde_home/SCFHA/jdk/jre/lib/security/cacerts" -storepass *****

    /u01/jde_home/SCFHA/jdk/jre/bin/keytool -list -v -alias smcert -keystore "/u01/jde_home/SCFHA/jdk/jre/lib/security/cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the default password for Java trustStore.

  5. Use this command is determine if a certificate with an alias of smcert is already imported for the JDK path:

    /u01/oracleJDE/jdk_path/jre/bin/keytool -list -v -alias smcert -keystore "/u01/oracleJDE/jdk_path/jre/lib/security/cacerts" -storepass *****

    If the results of the above command indicate that an alias of smcert certificate is already imported, use this command to remove it, where this command is a single contiguous line:

    /u01/oracleJDE/jdk_path/jre/bin/keytool -delete -alias smcert -keystore "/u01/oracleJDE/jdk_path/jre/lib/security/cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the WebLogic Admin password.

  6. Use these commands to import the certificate that you generated in the previous procedure of this document entitled: "Generate Self-Signed Certificates" to /u01/oracleJDE/jdk_path, where each command is a single contiguous line:

    /u01/oracleJDE/jdk_path/jre/bin/keytool -import -file cert.pem -alias smcert -keystore "/u01/oracleJDE/jdk_path/jre/lib/security/cacerts" -storepass *****

    /u01/oracleJDE/jdk_path/jre/bin/keytool -list -v -alias smcert -keystore "/u01/oracleJDE/jdk_path/jre/lib/security/cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the WebLogic Admin password.

Enterprise Server

Use this procedure to import the self-signed certificate into the HTML Server.

  1. Run this command:

    sudo -i

  2. Get the cert.pem file from Provisioning Server, which you generated in the previous procedure in this section entitled: "Generating Self-Signed Certificates on Linux".

  3. Use this command is determine if a certificate with an alias of smcert is already imported to jdk/jre/lib/security/cacerts, where this command is a single contiguous line:

    /u01/jde920/jde_home/SCFHA/jdk/jre/bin/keytool -list -v -alias smcert -keystore "/u01/jde920/jde_home/SCFHA/jdk/jre/lib/security/cacerts" -storepass *****

    If the results of the above command indicate that an alias of smcert certificate is already imported, use this command to remove it, where this command is a single contiguous line:

    /u01/jde920/jde_home/SCFHA/jdk/jre/bin/keytool -delete -alias smcert -keystore "/u01/jde920/jde_home/SCFHA/jdk/jre/lib/security/cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the default password for Java trustStore.

  4. Use these commands to import the certificate that you generated in the previous procedure of this section entitled: Generate Self-Signed Certificates to /u01/jde920/jde_home/SCFHA/jdk, where each command is a single contiguous line:

    /u01/jde920/jde_home/SCFHA/jdk/jre/bin/keytool -import -file cert.pem -alias smcert -keystore "/u01/jde920/jde_home/SCFHA/jdk/jre/lib/security/cacerts" -storepass *****

    /u01/jde920/jde_home/SCFHA/jdk/jre/bin/keytool -list -v -alias smcert -keystore "/u01/jde920/jde_home/SCFHA/jdk/jre/lib/security/cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the default password for Java trustStore.

  5. Use this command is determine if a certificate with an alias of smcert is already imported for the JDK path:

    /u01/jdk8_32/jre/bin/keytool -list -v -alias smcert -keystore "/u01/jdk8_32/jre/lib/security/cacerts" -storepass *****

    If the results of the above command indicate that an alias of smcert certificate is already imported, use this command to remove it, where this command is a single contiguous line:

    /u01/jdk8_32/jre/bin/keytool -delete -alias smcert -keystore "/u01/jdk8_32/jre/lib/security/cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the Site Key password.

  6. Use these commands to import the certificate that you generated in the previous procedure of this section entitled: "Generate Self-Signed Certificates" to /u01/jdk8_32, where each command is a single contiguous line:

    /u01/jdk8_32/jre/bin/keytool -import -file cert.pem -alias smcert -keystore "/u01/jdk8_32/jre/lib/security/cacerts" -storepass *****

    /u01/jdk8_32/jre/bin/keytool -list -v -alias smcert -keystore "/u01/jdk8_32/jre/lib/security/cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the Site Key password.

Database Server

Use this procedure to import the self-signed certificate into the Oracle Database Server. Note that is only applicable if you are using Oracle Compute service for your Database Server; it not applicable if you are using the Oracle Database Service (DBS).

  1. Log into the Oracle Compute Database Server.
  2. Get the cert.pem file from Provisioning Server, which you generated in the previous procedure in this section entitled: "Generating Self-Signed Certificates on Linux".
  3. Run this command:

    sudo -i

  4. Use this command is determine if a certificate with an alias of smcert is already imported to jdk/jre/lib/security/cacerts, where this command is a single contiguous line:

    /u01/jde_home/SCFHA/jdk/jre/bin/keytool -list -v -alias smcert -keystore "/u01/jde_home/SCFHA/jdk/jre/lib/security/cacerts" -storepass *****

    If the results of the above command indicate that an alias of smcert certificate is already imported, use this command to remove it, where this command is a single contiguous line:

    /u01/jde_home/SCFHA/jdk/jre/bin/keytool -delete -alias smcert -keystore "/u01/jde_home/SCFHA/jdk/jre/lib/security/cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the default password for Java trustStore.

  5. Use these commands to import the certificate that you generated in the previous procedure of this document entitled: "Generate Self-Signed Certificates" to /u01/jde_home/SCFHA/jdk, where each command is a single contiguous line:

    /u01/jde_home/SCFHA/jdk/jre/bin/keytool -import -file cert.pem -alias smcert -keystore "/u01/jde_home/SCFHA/jdk/jre/lib/security/cacerts" -storepass *****

    /u01/jde_home/SCFHA/jdk/jre/bin/keytool -list -v -alias smcert -keystore "/u01/jde_home/SCFHA/jdk/jre/lib/security/cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the default password for Java trustStore.

Generating Self-Signed Certificates on Microsoft Windows

Use this procedure to generate self-signed certificates on Microsoft Windows.

  1. Log into Provisioning Server.
  2. Open Windows Powershell As Administrator.
  3. Run the following commands, where each command is a single contiguous line:

    ren <drive>\JDE\PP\jde920\.vm_unconfigured <drive>\JDE\PP\jde920\vm_unconfigured

    <drive>\JDE\jdk1.8_64\jre\bin\keytool -delete -alias cert -keystore "<drive>\JDE\jdk1.8_64\jre\lib\security\cacerts" -storepass *****

    Note: The storepass value ***** in above command is the WebLogic Admin password.

    $env:OPENSSL_CONF += "C:\JDE\bin\openssl.cnf"

    <drive>\JDE\PP\CertGen\ConfigureCertKey_CC.ps1

    <drive>\JDE\PP\CertGen\ConfigureCertKey_SMC.ps1 <WebLogic Admin Password>

    ren <drive>\JDE\PP\jde920\vm_unconfigured <drive>\JDE\PP\jde920\.vm_unconfigured

Importing the Self-Signed Certificate into Target Machines on Microsoft Windows

The self-signed certificate file that you generated in the previous steps must be imported into these target machines that were delivered by JD Edwards EnterpriseOne One-Click Provisioning:

  • All Servers
  • HTML Server
  • Enterprise Server

All Servers

Use this procedure to import the self-signed certificate into all Microsoft Windows servers.

  1. Log into the each Microsoft Windows server.
  2. Get the cert.pem file that is located on the Provisioning Server. You generated this key using the previous procedure in this section entitled: "Generating Self-Signed Certificates on Microsoft Windows".

    On the Provisioning Server, this file is located at this location:

    <drive>\JDE\PP\E1CloudConsole\keys

  3. On each machine, use this command is determine if a certificate with an alias of smcert is already imported to <drive>\JDE\jde_home\SCFHA\jdk, where this command is a single contiguous line:

    <drive>\JDE\jde_home\SCFHA\jdk\jre\bin\keytool -list -v -alias smcert -keystore

    "<drive>\JDE\jde_home\SCFHA\jdk\jre\lib\security\cacerts" -storepass *****

    If the results of the above command indicate that an alias of smcert certificate is already imported, use this command to remove it, where this command is a single contiguous line:

    <drive>\JDE\jde_home\SCFHA\jdk\jre\bin\keytool -delete -alias smcert -keystore "<drive>\JDE\jde_home\SCFHA\jdk\jre\lib\security\cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the default password for Java trustStore.

  4. On each machine, use these commands to import the certificate that you generated in the previous procedure of this section entitled: "Generate Self-Signed Certificates" to <drive>\JDE\jde_home\SCFHA\jdk, where each command is a single contiguous line:

    <drive>\JDE\jde_home\SCFHA\jdk\jre\bin\keytool -import -file cert.pem -alias smcert -keystore "

    <drive>\JDE\jde_home\SCFHA\jdk\jre\lib\security\cacerts" -storepass *****

    <drive>\JDE\jde_home\SCFHA\jdk\jre\bin\keytool -list -v -alias smcert -keystore

    "<drive>\JDE\jde_home\SCFHA\jdk\jre\lib\security\cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the default password for Java trustStore.

HTML Server

Use this procedure to import the self-signed certificate into the HTML Server.

  1. Log into the HTML server.
  2. Get the cert.pem file that is located on the Provisioning Server. You generated this key using the previous procedure in this section entitled: "Generating Self-Signed Certificates on Microsoft Windows".

    On the Provisioning Server, this file is located at this location:

    <drive>\JDE\PP\E1CloudConsole\keys

  3. Use this command is determine if a certificate with an alias of smcert is already imported to C:\Program Files\Java\jdk1.8.0_201, where this command is a single contiguous line:

    <JDK_path>\jre\bin\keytool -list -v -alias smcert -keystore "

    <JDK_path>\jre\lib\security\cacerts" -storepass *****

    If the results of the above command indicate that an alias of smcert certificate is already imported, use this command to remove it, where this command is a single contiguous line:

    <JDK_path>\jre\bin\keytool -delete -alias smcert -keystore "

    <JDK_path>\jre\lib\security\cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the WebLogic Admin password.

  4. Use these commands to import the certificate that you generated in the previous procedure of this document entitled: "Generate Self-Signed Certificates" to C:\Program Files\Java\jdk1.8.0_201 , where each command is a single contiguous line:

    <JDK_path>\jre\bin\keytool -import -file cert.pem -alias smcert -keystore "<JDK_path>\jre\lib\security\cacerts" -storepass *****

    <JDK_path>\jre\bin\keytool -list -v -alias smcert -keystore "<JDK_path>\jre\lib\security\cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the WebLogic Admin password.

Enterprise Server

Use this procedure to import the self-signed certificate into the HTML Server.

  1. Log into the Enterprise Server.
  2. Get the cert.pem file that is located on the Provisioning Server. You generated this key using the previous procedure in this section entitled: "Generating Self-Signed Certificates on Microsoft Windows".

    On the Provisioning Server, this file is located at this location:

    <drive>\JDE\PP\E1CloudConsole\keys

  3. Use this command is determine if a certificate with an alias of smcert is already imported to <drive>\JDE\jdk8_32, where this command is a single contiguous line:

    <drive>\JDE\jdk8_32\jre\bin\keytool -list -v -alias smcert -keystore "

    <drive>\JDE\jdk8_32\jre\lib\security\cacerts" -storepass *****

    If the results of the above command indicate that an alias of smcert certificate is already imported, use this command to remove it, where this command is a single contiguous line:

    <drive>\JDE\jdk8_32\jre\bin\keytool -delete -alias smcert -keystore

    "<drive>\JDE\jdk8_32\jre\lib\security\cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the Site Key password.

  4. Use these commands to import the certificate that you generated in the previous procedure of this document entitled: "Generate Self-Signed Certificates" to <drive>\JDE\jdk8_32, where each command is a single contiguous line:

    <drive>\JDE\jdk8_32\jre\bin\keytool -import -file cert.pem -alias smcert -keystore"

    <drive>\JDE\jdk8_32\jre\lib\security\cacerts" -storepass *****

    <drive>\JDE\jdk8_32\jre\bin\keytool -list -v -alias smcert -keystore "

    <drive>\JDE\jdk8_32\jre\lib\security\cacerts" -storepass *****

    Note: The storepass value ***** in above commands is the Site Key password.