Some of the changes described below require a restart of the SOA Server. My suggestion is to make all the necessary changes first and restart the server only once.
All the problems I found while doing this setup were resolved with the steps described below.
The configuration of the SOA server:
- Oracle Enterprise Manager 11g version 11.1.1.6.0;
- WebLogic Server version 10.3.5.0.
The UMS driver is not installed on the SOA Server by default, so you must install it before starting these steps. This is very simple: in the console, go to Console > Deployments > Install, choose the component named "UMS Adapter.rar" and complete the necessary steps (next, next and next).
Developers: JDeveloper has the UMS service installed, but this component is hidden by default. To see and use the UMS service in your composite you need to change one file: open the folder {Install_JDev11.1.1.6}\jdeveloper\integration\seed\soa\configuration, open the file "soa-config.xml" and modify the item ${UMS_ADAPTER_COMPONENT_NAME_L}, removing the property "preview=true".
Creating JKS files (Identity and Trust). These files are used for the secure storage and management of private keys and trusted certificate authorities (CAs). For a better understanding, see this link:
http://docs.oracle.com/cd/E23943_01/apirefs.1111/e13952/taskhelp/security/ConfigureKeystoresAndSSL.html#WLACH03024.
Follow the steps below...
STEP 1: Acquiring the SSL certificates for future connections
First, you need to have OpenSSL installed; then you can store the certificates on your local machine. Run the following sample commands to see the result:
IMAP Gmail server
openssl s_client -connect imap.gmail.com:993 > imap-gmail.cert
SMTP Gmail server
openssl s_client -connect smtp.gmail.com:465 > smtp-gmail.cert
Tip: There are other protocols you can use for this setup, but in this case I will use SMTP to send messages and IMAP to receive messages. The ports used in this example are the default ports listed.
After running the openssl commands above, copy the following content from the output for both the IMAP and SMTP certificates:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
After running the openssl commands, copy the lines between BEGIN CERTIFICATE and END CERTIFICATE as indicated above, paste them into a notepad and save them in files named imap-gmail.cert or smtp-gmail.cert according to the content of each file.
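The copy step above can be scripted, and the saved certificate checked before it goes into a keystore. This is an added example, not part of the original post: the function names, file names and sample data are constructed here, and the fingerprint to compare against is assumed to come from a source you trust independently of the s_client connection.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.

# Print the first complete PEM block from saved `openssl s_client` output.
# Returns 1 (and prints nothing) when no complete block exists, e.g. a failed handshake.
extract_leaf_pem() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ && !inblk { inblk = 1; buf = "" }
        inblk { buf = buf $0 "\n" }
        inblk && /^-----END CERTIFICATE-----/ { printf "%s", buf; found = 1; exit }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# SHA-256 over the DER bytes, lowercase hex without colons. For a real certificate
# this is the value `openssl x509 -noout -fingerprint -sha256` prints, minus colons and case.
pem_sha256() {
    grep -v '^-----' "$1" | base64 -d | sha256sum | cut -d' ' -f1
}

# Succeeds only if the certificate file matches the expected fingerprint
# (assumed to be obtained out of band; colons and upper case are accepted).
matches_pin() {
    _pin=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')
    [ "$(pem_sha256 "$1")" = "$_pin" ]
}

# Constructed sample: s_client-style output whose certificate body is
# placeholder bytes, not a real certificate.
make_sample() {
    {
        echo 'CONNECTED(00000003)'
        echo '---'
        echo 'Server certificate'
        echo '-----BEGIN CERTIFICATE-----'
        printf 'constructed placeholder bytes' | base64
        echo '-----END CERTIFICATE-----'
        echo '---'
    } > "$1"
}

# Demo on the constructed sample; real input is the file written by s_client.
tmp=$(mktemp -d)
make_sample "$tmp/smtp-out.txt"
extract_leaf_pem "$tmp/smtp-out.txt" > "$tmp/smtp-gmail.cert"
echo "sha256 $(pem_sha256 "$tmp/smtp-gmail.cert")"
```

Run matches_pin against each saved .cert file before the keytool import in STEP 3, and stop if it fails.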
STEP 2: Creating JKS (Java Keystore) files
Important: When WebLogic is installed these files are created automatically, so you don't need to create new JKS files; you can skip this step and go on to the next one. In the next step you will import the certificate credentials acquired in step 1 into your JKS file, so if you choose not to create custom JKS files, you will need to know the password of the standard JKS files.
In this sample, we will create custom JKS files to better show the complete JKS setup.
Exporting environment variable
Check the default JDK path on your server and put it here!
For example:
export JAVA_HOME=/vol01/oracle/product/11.2.0/jdk
echo $JAVA_HOME
Creating identity file
To understand the next commands, read more about them in Oracle's documentation:
http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html.
$JAVA_HOME/bin/keytool -genkey -alias PutHereYourServerName -keyalg RSA -keysize 1024 -validity 365 -keypass changeitnow -keystore YourIdentityFile.jks -storepass changeitnow -dname "CN=PutHereYourServerName, emailAddress=PutHereYourMail, OU=PutHereYourOrgUnit, O=PutHereYourOrgName, L=PutHereYourCity, S=PutHereYourStateCode, C=PutHereYourCountryCode"
Fields of the dname parameter that you will replace:
- CN=commonName
- OU=organizationUnit
- O=organizationName
- L=localityName
- S=stateName
- C=country
Exporting root certificate
$JAVA_HOME/bin/keytool -export -alias PutHereYourServerName -file root.cer -keystore YourIdentityFile.jks -storepass changeitnow
Creating trust file
$JAVA_HOME/bin/keytool -import -alias PutHereYourServerName -file root.cer -keystore YourTrustFile.jks -storepass changeitnow
List all files
To verify that the commands above worked correctly, run these commands:
$JAVA_HOME/bin/keytool -list -v -alias PutHereYourServerName -keystore YourIdentityFile.jks -storepass changeitnow
$JAVA_HOME/bin/keytool -list -v -alias PutHereYourServerName -keystore YourTrustFile.jks -storepass changeitnow
$JAVA_HOME/bin/keytool -printcert -file root.cer
STEP 3: Importing certificates into WebLogic's keystore
Importing the certificates is very simple: use keytool, the Java tool used in the previous steps. The commands below put the certificate credentials acquired above into the JKS files.
$JAVA_HOME/bin/keytool -import -keystore YourIdentityFile.jks -alias gmail.com -storepass changeitnow -file smtp-gmail.cert
$JAVA_HOME/bin/keytool -import -keystore YourTrustFile.jks -alias gmail.com -storepass changeitnow -file imap-gmail.cert