A Content Platform Engine server
can use the secure sockets layer (SSL) protocol to communicate with
a Hitachi Content Platform fixed content device.
Before you begin
As a prerequisite for this SSL communication, you must deploy
a Hitachi Content Platform SSL certificate to the
Content Platform Engine application server
when the application server is WebLogic version 10.3.4 or later.
About this task
The following procedure describes how to add an SSL certificate
to the WebLogic keystore. For more information about this part of
the procedure, see your WebLogic documentation.
Procedure
To deploy an SSL certificate from a Hitachi Content Platform
fixed content device to one or more WebLogic application servers:
- Use a web browser to extract the SSL certificate from the
fixed content device to a file. Alternatively, you can
use OpenSSL or some other utility to perform the extraction. For example,
you might extract the certificate to a file that is named hcpSantaFe.cer.
To use the Mozilla Firefox web browser to extract the certificate,
perform the following steps:
- In the Firefox browser, enter the https address for
the namespace browser login page of the fixed content device.
- Click the security icon in the lower right part of the
window.
- On the security page, select View Certificate.
- Click the Details tab.
- Export the certificate to a file in DER format.
- Update the WebLogic application servers with the SSL certificate
for the Content Platform Engine instances
that use the fixed content device. For each application
server, perform the following steps:
- Copy the certificate file to the Content Platform Engine server. For
example, copy the hcpSantaFe.cer file to the C:\IBM\hcpKeystore directory.
- Back up the cacerts file that the
WebLogic application server uses for the Java™ Runtime
Environment (JRE) keystore. For example, if the WebLogic
application server uses Oracle Java and
the server is deployed in the C:\Bea1034 directory,
the cacerts file is located in the C:\Bea1034\jdk160_21\jre\lib\security directory.
- Open a command prompt window and navigate to the directory
that contains the certificate file. For example, navigate
to the C:\IBM\hcpKeystore directory.
- In the command prompt window, enter the following command
to deploy the certificate file to the JRE keystore:
keytool -import -file certificate-file -storepass password -alias alias-name -trustcacerts -keystore keystore-filepath
Substitute
the appropriate values for the following variables:
- certificate-file
- The name of the certificate file that you copied to the Content Platform Engine server. For example, hcpSantaFe.cer.
- password
- The password for the JRE keystore. The default password is changeit.
- alias-name
- A name of your choosing to refer to the certificate.
- keystore-filepath
- The fully qualified name of the cacerts file that WebLogic uses.
For example, C:\Bea1034\jdk160_21\jre\lib\security\cacerts.
For example, you might enter the following command:
keytool -import -file "hcpSantaFe.cer" -storepass "changeit" -alias "hcpSantaFe" -trustcacerts -keystore "C:\Bea1034\jdk160_21\jre\lib\security\cacerts"
- Enter the following command to verify the successful
creation of the certificate in the keystore:
keytool -list -v -keystore keystore-filepath -storepass password
For example, you might enter the following command:
keytool -list -v -keystore "C:\Bea1034\jdk160_21\jre\lib\security\cacerts" -storepass "changeit"
- In the WebLogic administration tool, navigate to , where server-name is the server
that runs the Content Platform Engine instance. Verify that Keystores is set to Custom Identity and Standard Java Trust.
- Restart the Content Platform Engine instance.
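The keytool -list -v output covers every entry in cacerts, so the verification step is easier to get right with a script. The following is an added example, not part of the original procedure or of any IBM or Oracle tooling: it checks that the alias you imported exists and that its fingerprint matches the certificate file you exported. The function names and sample data are constructed for illustration, and English-language keytool output is assumed.

```python
import hashlib
import re
import ssl

def cert_fingerprints(data: bytes) -> dict:
    """Fingerprints, in keytool's AA:BB:.. notation, of a DER or PEM certificate."""
    if b"-----BEGIN CERTIFICATE-----" in data:
        data = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    elif data[:1] != b"\x30":  # a DER certificate starts with an ASN.1 SEQUENCE tag
        raise ValueError("not a DER or PEM certificate")
    return {label: ":".join(f"{b:02X}" for b in hashlib.new(algo, data).digest())
            for label, algo in (("SHA1", "sha1"), ("SHA256", "sha256"))}

def keystore_entries(listing: str) -> dict:
    """Parse `keytool -list -v` text into {lower-cased alias: {label: fingerprint}}."""
    entries, alias = {}, None
    for line in listing.splitlines():
        m = re.match(r"\s*Alias name:\s*(.+?)\s*$", line)
        if m:
            alias = m.group(1).lower()  # JKS keystores store aliases in lower case
            entries[alias] = {}
        elif alias is not None:
            m = re.match(r"\s*(SHA1|SHA256):\s*([0-9A-Fa-f:]+)\s*$", line)
            if m:
                entries[alias].setdefault(m.group(1), m.group(2).upper())
    return entries

def verify_import(cert_bytes: bytes, alias: str, listing: str) -> bool:
    """True only if the alias exists and each fingerprint keytool printed matches the file."""
    want = cert_fingerprints(cert_bytes)
    got = keystore_entries(listing).get(alias.lower())
    return bool(got) and all(want[label] == fp for label, fp in got.items())

# Constructed sample data: stand-in bytes for hcpSantaFe.cer and a shortened listing.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed stand-in for hcpSantaFe.cer"
_fp = cert_fingerprints(SAMPLE_DER)
SAMPLE_LISTING = f"""Your keystore contains 2 entries

Alias name: hcpsantafe
Entry type: trustedCertEntry
Certificate fingerprints:
\t MD5:  00:11
\t SHA1: {_fp['SHA1']}
\t SHA256: {_fp['SHA256']}

Alias name: someotherca
Certificate fingerprints:
\t SHA1: AA:BB
"""
```

To use it on a real server, save the output of the keytool -list -v command from the verification step to a file and pass its text, together with the bytes of the certificate file and the alias, to verify_import.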