6 Enabling SSL for HTTPS
This chapter provides the following procedures for configuring the OMU connector to use the HTTPS protocol:
Configuring Enterprise Manager to Use SSL
If the OMU web service was configured to run using the HTTPS protocol, you must perform the following steps to set up SSL:
- Install an SSL certificate in the OMU web service keystore. You must either install a self-signed certificate or install a certificate obtained from a Certificate Authority (CA).
  - To install a self-signed certificate, perform the steps specified in Installing a Self-Signed Certificate.
  - To install a certificate from a CA, perform the steps specified in Installing a Certificate from a Certificate Authority.
- Import the SSL certificate from the OMU web service keystore into the Enterprise Manager keystore as specified in Importing the Web Service Certificate into Enterprise Manager.
Installing a Self-Signed Certificate
To generate and install a self-signed SSL certificate for the OMU adapter web service:
- Open a command prompt window and change the working directory to the adapters/conf directory in the OMU web service installation directory.
- Enter the following command to delete the default SSL entry from the OMU web service keystore.
  - Unix
    $JAVA_HOME/bin/keytool -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
  - Windows
    "%JAVA_HOME%\bin\keytool" -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks
- Enter the following command to generate a new certificate and place it in the OMU web service keystore. You will need to replace <hostname> with the host name or IP address of the system where the OMU web service is installed.
  Note: The host name in the certificate must match the host name or IP address the web service uses. If they do not match, a failure occurs when Enterprise Manager attempts to invoke the web service.
  - Unix
    $JAVA_HOME/bin/keytool -genkey -alias iwave -keyalg RSA -keysize 1024 -dname "CN=<hostname>, OU=Development, O=iWave Software, L=Frisco, ST=TX, C=US" -keypass iwavepw -storepass iwavepw -keystore keystore.jks
  - Windows
    "%JAVA_HOME%\bin\keytool" -genkey -alias iwave -keyalg RSA -keysize 1024 -dname "CN=<hostname>, OU=Development, O=iWave Software, L=Frisco, ST=TX, C=US" -keypass iwavepw -storepass iwavepw -keystore keystore.jks
Installing a Certificate from a Certificate Authority
To request and install a signed SSL certificate for the OMU web service:
- Request a certificate for the OMU web service from a Certificate Authority, such as VeriSign.
  Note: In the certificate request, make sure to specify the host name or IP address of the system where the OMU web service is installed. The host name in the certificate must match the host name or IP address the web service uses. If they do not match, a failure occurs when Enterprise Manager attempts to invoke the web service.
- After you obtain the certificate from the Certificate Authority, perform the following steps to install the certificate:
  - Open a command prompt window and change the working directory to the adapters/conf directory in the OMU web service installation directory.
  - Enter the following command to install the certificate, where <certificateFile> is the full path name of the file provided by the Certificate Authority:
    - Unix:
      $JAVA_HOME/bin/keytool -importcert -alias iwave -file <certificateFile> -keypass iwavepw -storepass iwavepw -keystore keystore.jks
    - Windows:
      "%JAVA_HOME%\bin\keytool" -importcert -alias iwave -file <certificateFile> -keypass iwavepw -storepass iwavepw -keystore keystore.jks
Importing the Web Service Certificate into Enterprise Manager
To import the OMU web service SSL certificate into the Enterprise Manager keystore:
- Open a command prompt window and change the working directory to the adapters/conf directory in the OMU web service installation directory.
- Issue the following command to extract the SSL certificate from the OMU web service keystore and place it in the OMUws.cer certificate file:
  - Unix platforms
    $JAVA_HOME/bin/keytool -exportcert -rfc -alias iwave -file OMUws.cer -keystore keystore.jks -storepass iwavepw
  - Windows platforms
    "%JAVA_HOME%\bin\keytool" -exportcert -rfc -alias iwave -file OMUws.cer -keystore keystore.jks -storepass iwavepw
- Transfer the certificate file OMUws.cer to the system where Enterprise Manager is installed.
- Append the contents of the OMUws.cer file to:
    $INSTANCE_HOME/sysman/config/b64LocalCertificate.txt
- Ensure that only the following lines are appended to the b64LocalCertificate.txt file (that is, do not include blank lines, comments, or any other special characters):
    -----BEGIN CERTIFICATE-----
    <<<Certificate in Base64 format>>>
    -----END CERTIFICATE-----
- Restart OMS by running the following commands:
    emctl stop oms
    emctl start oms
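
The append step in the procedure above is where blank lines, comments or Windows line endings can slip into b64LocalCertificate.txt. The shell helpers below are an added example, not part of the Oracle documentation or the OMU tooling, and the function names are hypothetical. They copy only the BEGIN/END certificate block out of OMUws.cer and refuse to append anything else.

```shell
#!/bin/sh
# Added example; extract_pem, check_pem_file and append_cert are hypothetical
# helper names, not part of Enterprise Manager or the OMU web service.

# Print only the PEM block(s) found in file $1. Drops carriage returns from a
# Windows transfer, blank lines, and any text outside the BEGIN/END markers.
extract_pem() {
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN CERTIFICATE-----$/ { inside = 1 }
        inside && NF                    { print }
        /^-----END CERTIFICATE-----$/   { inside = 0 }'
}

# Succeed only if file $1 holds complete certificate blocks and nothing else:
# every line is a marker or Base64 text, and the markers are balanced.
check_pem_file() {
    awk '
        /^-----BEGIN CERTIFICATE-----$/ { if (inside) bad = 1; inside = 1; n++; next }
        /^-----END CERTIFICATE-----$/   { if (!inside) bad = 1; inside = 0; next }
        inside && $0 ~ "^[A-Za-z0-9+/=]+$" { next }
        { bad = 1 }
        END { exit (bad || inside || n == 0) }' "$1"
}

# Append the certificate in $1 to trust file $2. Nothing is written unless
# the extracted block passes check_pem_file.
append_cert() {
    src=$1; dest=$2; tmp=$(mktemp)
    extract_pem "$src" > "$tmp"
    if ! check_pem_file "$tmp"; then
        rm -f "$tmp"
        echo "refusing to append: no clean certificate block in $src" >&2
        return 1
    fi
    # Start on a fresh line if the trust file lacks a trailing newline.
    if [ -s "$dest" ] && [ -n "$(tail -c 1 "$dest")" ]; then
        echo >> "$dest"
    fi
    cat "$tmp" >> "$dest"
    rm -f "$tmp"
}

# Usage on the Enterprise Manager host:
#   append_cert OMUws.cer "$INSTANCE_HOME/sysman/config/b64LocalCertificate.txt"
```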