IBM FileNet P8, Version 5.2.1            

Deploying Hitachi Content Platform SSL certificates for Content Platform Engine on WebLogic

A Content Platform Engine server can use the secure sockets layer (SSL) protocol to communicate with a Hitachi Content Platform fixed content device.

Before you begin

As a prerequisite for this SSL communication, you must deploy a Hitachi Content Platform SSL certificate to the Content Platform Engine application server when the application server is WebLogic version 10.3.4 or later.

About this task

The following procedure describes how to add an SSL certificate to the WebLogic keystore. For more information about this part of the procedure, see your WebLogic documentation.

Procedure

To deploy an SSL certificate from a Hitachi Content Platform fixed content device to one or more WebLogic application servers:

  1. Use a web browser to extract the SSL certificate from the fixed content device to a file. Alternatively, you can use OpenSSL or some other utility to perform the extraction. For example, you might extract the certificate to a file that is named hcpSantaFe.cer. To use the Mozilla Firefox web browser to extract the certificate, perform the following steps:
    1. In the Firefox browser, enter the https address for the namespace browser login page of the fixed content device.
    2. Click the security icon in the lower right part of the window.
    3. On the security page, select View Certificate.
    4. Click the Details tab.
    5. Export the certificate to a file in DER format.
  2. Update the WebLogic application servers with the SSL certificate for the Content Platform Engine instances that use the fixed content device. For each application server, perform the following steps:
    1. Copy the certificate file to the Content Platform Engine server. For example, copy the hcpSantaFe.cer file to the C:\IBM\hcpKeystore directory.
    2. Back up the cacerts file that the WebLogic application server uses for the Java™ Runtime Environment (JRE) keystore. For example, if the WebLogic application server uses Oracle Java and the server is deployed in the C:\Bea1034 directory, the cacerts file is located in the C:\Bea1034\jdk160_21\jre\lib\security directory.
    3. Open a command prompt window and navigate to the directory that contains the certificate file. For example, navigate to the C:\IBM\hcpKeystore directory.
    4. In the command prompt window, enter the following command to deploy the certificate file to the JRE keystore: keytool -import -file certificate-file -storepass password -alias alias-name -trustcacerts -keystore keystore-filepath

      Substitute the appropriate values for the following variables:

      certificate-file
      The name of the certificate file that you copied to the Content Platform Engine server. For example, hcpSantaFe.cer.
      password
      The password for the JRE keystore. The default password is changeit.
      alias-name
      A name of your choosing to refer to the certificate.
      keystore-filepath
      The fully qualified name of the cacerts file that WebLogic uses. For example, C:\Bea1034\jdk160_21\jre\lib\security\cacerts.

      For example, you might enter the following command: keytool -import -file "hcpSantaFe.cer" -storepass "changeit" -alias "hcpSantaFe" -trustcacerts -keystore "C:\Bea1034\jdk160_21\jre\lib\security\cacerts"

    5. Enter the following command to verify the successful creation of the certificate in the keystore: keytool -list -v -keystore keystore-filepath -storepass password

      For example, you might enter the following command: keytool -list -v -keystore "C:\Bea1034\jdk160_21\jre\lib\security\cacerts" -storepass "changeit"

    6. In the WebLogic administration tool, navigate to Environment > Servers > server-name > Keystores, where server-name is the server that runs the Content Platform Engine instance. Verify that Keystores is set to Custom Identity and Standard Java Trust.
  3. Restart the Content Platform Engine instance.
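
The following script is an added example, not part of the IBM procedure: it runs steps 2b through 2e in PowerShell and first compares the exported file's SHA-256 fingerprint with a value obtained out of band from the Hitachi Content Platform administrator. It assumes PowerShell 4.0 or later (for Get-FileHash), the sample paths and alias from the steps above, a keytool.exe location under the same JDK, and a placeholder fingerprint that you replace.

```powershell
# Added example, not IBM's code. Sample paths and alias come from the steps above.
$ErrorActionPreference = 'Stop'

$CertFile = 'C:\IBM\hcpKeystore\hcpSantaFe.cer'          # DER file exported in step 1
$Keystore = 'C:\Bea1034\jdk160_21\jre\lib\security\cacerts'
$Keytool  = 'C:\Bea1034\jdk160_21\bin\keytool.exe'        # assumption: keytool of the same JDK
$Alias    = 'hcpSantaFe'
# Placeholder: SHA-256 fingerprint supplied out of band by the HCP administrator.
$ExpectedSha256 = '<SHA-256 fingerprint from the HCP administrator>'

# The SHA-256 hash of a DER-encoded certificate file is the certificate's SHA-256
# fingerprint, so the exported file can be checked before it becomes a trust anchor.
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($expected.Length -ne 64) {
    throw 'Set $ExpectedSha256 to the 64-hex-digit fingerprint before running.'
}
$actual = (Get-FileHash -Path $CertFile -Algorithm SHA256).Hash.ToUpperInvariant()
if ($actual -ne $expected) {
    throw "Fingerprint mismatch for $CertFile (got $actual). Nothing was imported."
}

# Step 2b: timestamped backup of cacerts so the change can be rolled back.
$backup = "$Keystore.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -Path $Keystore -Destination $backup

# Step 2d: import. -storepass is omitted on purpose so that keytool prompts for
# the password and it does not end up in the command history or process list.
& $Keytool -import -file $CertFile -alias $Alias -trustcacerts -keystore $Keystore
if ($LASTEXITCODE -ne 0) {
    Copy-Item -Path $backup -Destination $Keystore -Force   # restore the backup
    throw "keytool -import failed with exit code $LASTEXITCODE; cacerts restored."
}

# Step 2e: list only the new alias instead of the whole keystore.
& $Keytool -list -v -alias $Alias -keystore $Keystore
if ($LASTEXITCODE -ne 0) {
    throw "Alias '$Alias' was not found in $Keystore after the import."
}
Write-Output "Imported '$Alias'. Backup kept at $backup"
```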


Last updated: October 2015

© Copyright IBM Corporation 2015.