Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • (UAT) Setup SSL Web Server (LXRRCUSG41)

    Загружено:

    Charlito Mikolli
    39 просмотров32 страницы

    Оригинальное название

    3.[UAT]Setup SSL Web Server(LXRRCUSG41) - Copy.docx

    Авторское право

    © © All Rights Reserved

    Доступные форматы

    DOCX, PDF, TXT или читайте онлайн в Scribd

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ

    Авторское право:

    © All Rights Reserved
    Скачайте в формате DOCX, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    39 просмотров32 страницы

    (UAT) Setup SSL Web Server (LXRRCUSG41)

    Загружено:

    Charlito Mikolli

    Авторское право:

    © All Rights Reserved
    Скачайте в формате DOCX, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    из 32

    RRC UOB China

    SETUP SSL
    EPM & OBIEE
    A. Preparation before SSL Setup
    1. Stop All EPM Services (APP, WEB , DB & EPMA)
    1) Open Directory:

    [APP] /app/RRCCN/EPM/Middleware/user_projects/epmsystem1/bin

    [DB] /app/RRCCN/Middleware/user_projects/epmsystem2/bin

    [WEB] /app/RRCCN/Middleware/user_projects/epmsystem4/bin

    Then :

    $ ./stop.sh
    Stop EPMA Services with Stop EPM System
    2. Stop OBIEE Service

    1) Open Directory:

    /
    app/RRCCN/OBIEE/MiddlewareBI/user_projects/domains/bifoundation_doma
    in/bin

    Then :

    $ ./stopManagedWebLogic.sh bi_server1
    3. Stop All Web Logic (EPM & OBIEE)

    1) For EPM (7001)

    Open Directory:

    /app/RRCCN/EPM/Middleware/user_projects/domains/EPMSystem/bin

    Then :

    $ ./stopWebLogic.sh

    2) For OBIEE (7002)

    Open Directory:

    /
    app/RRCCN/OBIEE/MiddlewareBI/user_projects/domains/bifoundation_doma
    in/bin

    Then :

    $ ./stopWebLogic.sh

    B. Set Java Home Variable


    JAVA_HOME=C:\Oracle\Middleware\jdk160_35
    C. Create Wallet and Self Signed RootCert
    1) Create Folder serverkey inside directory C:\Oracle\Middleware

    2) Navigate to directory C:\Oracle\Middleware\oracle_common\bin


    3) Create Wallet for RootCert Repo,
    orapki wallet create -wallet C:\Oracle\Middleware\serverkey\rootca -pwd
    P@ssw0rd

    [Refer to Credential Doc.xlsx]

    4) Create and Add Sign-in The RootCert into Wallet


    orapki wallet add -wallet C:\Oracle\Middleware\serverkey\rootca -dn
    CN=PACN,OU=ITD,O=PA,L=Singapore,S=Singapore,C=Singapore -keysize
    2048 -self_signed -validity 3650 pwd P@ssw0rd

    [Refer to Credential Doc.xlsx]


    D.Create KeyStore
    1) Create folder ssl_webserver for save the keystore under directory
    C:\Oracle\Middleware\serverkey
    2) Move to directory: C:\Oracle\Middleware\jdk160_35\bin

    3) Then Generate the keystore:

    keytool -genkey -alias HYP11124 -keyalg RSA -keystore


    C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.jks -keysize
    2048

    Enter keystore password as : [Refer to Credential Doc.xlsx] P@ssw0rd

    Re-enter : [Refer to Credential Doc.xlsx], P@ssw0rd

    Use as below details:

    First and Last Name : HYP11124

    Name of Organizational Unit : ITD

    Name of Organization : PA

    City or Locality : Singapore

    State or Province : Singapore

    Two-Letter Country Code : SG

    Correct? Yes

    , then Enter to proceed


    E. Generate Cert Request (CSR) from the KeyStore
    1) Generate CSR from KeyStore :
    keytool -certreq -alias HYP11124 -keystore
    C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.jks -file
    C:\Oracle\Middleware\serverkey\ssl_webserver\csr.HYP11124.txt

    Enter Password KeyStore : [Refer to Credential Doc.xlsx] P@ssw0rd


    F. Generate Completing Cert from CSR
    1) Move to directory: C:\Oracle\Middleware\oracle_common\bin

    orapki cert create -wallet C:\Oracle\Middleware\serverkey\rootca -request


    C:\Oracle\Middleware\serverkey\ssl_webserver\csr.HYP11124.txt -cert
    C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.txt -validity 3650

    Enter Wallet Password : [Refer to Credential Doc.xlsx] P@ssw0rd


    G.Generate RootCert into Text File
    1) Generate RootCert into Txt
    orapki wallet export -wallet C:\Oracle\Middleware\serverkey\rootca -dn
    CN=PACN,OU=ITD,O=PA,L=Singapore,S=Singapore,C=Singapore -cert
    C:\Oracle\Middleware\serverkey\rootca.HYP11124.txt

    password : P@ssw0rd
    H.Import RootCert to KeyStore

    1) Move to directory: C:\Oracle\Middleware\jdk160_35\bin

    Import the RootCert Txt into KeyStore

    keytool -import -trustcacerts -alias PACN -file


    C:\Oracle\Middleware\serverkey\rootca.HYP11124.txt -keystore
    C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.jks

    password : P@ssw0rd

    Enter KeyStore : [Refer to Credential Doc.xlsx]

    Trust Certificate : Yes


    I. Import Cert into KeyStore
    1) Import the Cert into KeyStore :
    keytool -import -trustcacerts -alias HYP11124 -file
    C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.txt -keystore
    C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.jks

    Enter KeyStore Password : [Refer to Credential Doc.xlsx] P@ssw0rd


    J. Convert KeyStore to The Wallet
    1) Create another Wallet (wallet.HYP11124)
    2) Go to C:\Oracle\Middleware\oracle_common\bin

    orapki wallet create -wallet


    C:\Oracle\Middleware\serverkey\ssl_webserver\wallet.HYP11124

    Enter Wallet Password : [Refer to Credential Doc.xlsx] P@ssw0rd

    Re-Enter Password : [Refer to Credential Doc.xlsx] P@ssw0rd


    3) Convert KeyStore to Wallet
    orapki wallet jks_to_pkcs12 -wallet
    C:\Oracle\Middleware\serverkey\ssl_webserver\wallet.HYP11124 -keystore
    C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.jks

    Enter Wallet Password : [Refer to Credential Doc.xlsx] P@ssw0rd

    Enter KeyStore (JKS) Password : [Refer to Credential Doc.xlsx] P@ssw0rd


    K. Configure Wallet Manager
    1) Open the wallet manager from start menu :

    2) Choose Wallet and Open.


    3) Choose Yes.

    4) Choose the Wallet that have been converted from KeyStore(JKS) before as
    below.

    C:\Oracle\Middleware\serverkey\ssl_webserver\wallet.HYP11124.sg.uobnet
    .com

    5) Enter Wallet Password : [Refer to Credential Doc.xlsx] P@ssw0rd


    6) All RootCert and Cert already inputted.

    7) Choose Wallet and Check Box the Auto Login


    8) Then Click SAVE
    L. Backup OHS Files Setup (Original After EPMA)
    Backup the existing files of SSL.CONF , MOD_WL_OHS.CONF , HTTPD.CONF
    C:\Oracle\Middleware\user_projects\epmsystem1\httpConfig\ohs\config\OHS\ohs_
    component
    1) Backup SSL.CONF , MOD_WL_OHS.CONF , HTTPD.CONF as below

    M. OHS Files Setup


    Open Directory
    C:\Oracle\Middleware\user_projects\epmsystem1\httpConfig\ohs\config\OHS\ohs_
    component

    1. SSL.CONF
    1) Open the ssl.conf on editor text

    Make Sure the OHS Listen Port:

    Listen 19443
    2) Make Sure the script is added :

    ---------------------------------------------------------------------

    NameVirtualHost HYP11124:19443

    <VirtualHost HYP11124:19443>

    <IfModule ossl_module>

    ---------------------------------------------------------------------

    -------------------------------------------------------------------

    #Path to the wallet

    SSLWallet SSLWallet "


    C:\Oracle\Middleware\serverkey\ssl_webserver\wallet.HYP11124"

    SSLProxyWallet SSLProxyWallet
    "C:\Oracle\Middleware\serverkey\ssl_webserver\wallet.HYP11124"

    --------------------------------------------------------------------

    File attached
    ssl.conf

    2. MOD_WL_OHS.CONF
    1) Open the mod_wl_ohs.conf.
    2) Make Sure the below is added :

    WLSSLWallet C:\Oracle\Middleware\serverkey\ssl_webserver\wallet.HYP11124

    SecureProxy ON

    ------------------------------------------------------------------------
    3) Change The Port and also add some WLProxySSL ON and pathTrim /,
    as below (Follow the red boxes).
    Note: Some locationMatch is not visible here. I have added /analytics in
    mod_wl_ohs.conf file above also

    File attached :

    mod_wl_ohs.conf
    3. HTTPD.CONF
    $ vi httpd.conf

    Change the Port Listen (Red Box):

    Listen 8080
    1) Un-Comment (Erase #) the below Line:
    2) Comment (Add #) in below line

    File attached :

    httpd.conf

    Вам также может понравиться