Wednesday, October 7, 2015

RMI Over SSL in ATG Platform Configuration

RMI Over SSL


Component:

The component used to configure RMI over SSL is /atg/dynamo/service/socket/SSLRMISocketFactory.


Enable RMI Over SSL:


Set the RMISocketFactory property of the /atg/dynamo/server/RmiInitialization component to point to the SSLRMISocketFactory component.

For example: RMISocketFactory=/atg/dynamo/service/socket/SSLRMISocketFactory



Configuring Keys and Certificates:



1. Go to your ATGDir\home directory.

2. Use the keytool utility to export the Oracle ATG Web Commerce certificate:

keytool -export -alias atgkey -keystore ..\DAS\keystore\atg-ssl.jks -rfc -file ..\DAS\keystore\atg-ssl.cer

3. Enter atgkey when prompted for the key store password:

Enter password name: atgkey
Certificate stored in file <..\das\keystore\atg-ssl.cer>

4. Now import the Oracle ATG Web Commerce certificate:

keytool -import -alias atgcert -file ..\DAS\keystore\atg-ssl.cer -keystore ..\DAS\keystore\cacerts.jks

5. The keytool utility displays information about the certificate:

Owner: CN=Snorthog, OU=Dynamo, O=Art Techonology Group, L=Cambridge, ST=MA, C=US
Issuer: CN=Snorthog, OU=Dynamo, O=Art Techonology Group, L=Cambridge, ST=MA, C=US
Serial number: 3eef2fc2
Valid from: Tue Jun 17 11:12:02 EDT 2003 until: Thu May 04 14:50:08 EDT 2006
Certificate fingerprints:
         MD5:  95:0E:9A:3A:D7:C9:A6:CA:73:B5:CA:C0:44:DB:E0:1E
         SHA1: 32:38:3C:AD:57:BB:59:B7:9C:91:A3:79:03:56:9E:96:44:37:20:4C

6. Answer yes when prompted whether to trust the certificate:

Trust this certificate? [no]: yes
Certificate was added to keystore



Generating a New Certificate on Production Environment:



We can use the keytool utility to generate a new private key and public key, and wrap the public key into a new self-signed certificate.

1. Configure the /atg/dynamo/security/BasicSSLConfiguration component on each server.

2. You must set the keyStore and trustStore properties to point to your new key store and trust store file locations. You must also set the keyStorePassword and trustStorePassword properties to the values that you used when creating the key store and trust store.


Note: Use the JDK keytool utility with the -genkey flag to generate a new self-signed certificate that wraps the public key.
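
The production procedure above as one PowerShell script. This is an added example, not Oracle's or the original post's code. The file names, aliases, the -dname value, the localconfig path and the forward-slash path format written to the properties file are assumptions.

```powershell
# Added example. Run from ATGDir\home with the JDK keytool on PATH.
# Assumed names: prod-ssl.jks, prod-trust.jks, prod-ssl.cer, prodkey, prodcert.
$ErrorActionPreference = 'Stop'
$keyStore   = '..\DAS\keystore\prod-ssl.jks'
$trustStore = '..\DAS\keystore\prod-trust.jks'
$certFile   = '..\DAS\keystore\prod-ssl.cer'

function Read-Secret([string]$Prompt) {
    $secure = Read-Host -Prompt $Prompt -AsSecureString
    [System.Net.NetworkCredential]::new('', $secure).Password
}
function Invoke-Keytool([string[]]$KtArgs) {
    & keytool $KtArgs
    if ($LASTEXITCODE -ne 0) { throw "keytool exited with code $LASTEXITCODE" }
}

# keytool reads the passwords from these variables (-storepass:env), so they
# do not appear in the keytool command line or in shell history.
$env:KS_PASS = Read-Secret 'New key store password'
$env:TS_PASS = Read-Secret 'New trust store password'
try {
    # New private/public key pair, public key wrapped in a self-signed certificate.
    Invoke-Keytool @('-genkey', '-alias', 'prodkey', '-keyalg', 'RSA', '-keysize', '2048',
        '-validity', '365', '-dname', 'CN=rmi.example.internal, O=Example',
        '-keystore', $keyStore, '-storepass:env', 'KS_PASS', '-keypass:env', 'KS_PASS')
    # Export the new certificate from the key store.
    Invoke-Keytool @('-export', '-alias', 'prodkey', '-rfc', '-file', $certFile,
        '-keystore', $keyStore, '-storepass:env', 'KS_PASS')
    # Import it into the trust store. No -noprompt: keytool prints the
    # fingerprints and waits for "yes", as in step 6 of the earlier procedure.
    Invoke-Keytool @('-import', '-alias', 'prodcert', '-file', $certFile,
        '-keystore', $trustStore, '-storepass:env', 'TS_PASS')

    # Point BasicSSLConfiguration at the new stores (assumed localconfig layer).
    $dir = 'localconfig\atg\dynamo\security'
    New-Item -ItemType Directory -Force -Path $dir | Out-Null
    $ks = (Resolve-Path $keyStore).Path -replace '\\', '/'
    $ts = (Resolve-Path $trustStore).Path -replace '\\', '/'
    @("keyStore=$ks", "keyStorePassword=$env:KS_PASS",
      "trustStore=$ts", "trustStorePassword=$env:TS_PASS") |
        Set-Content -Path (Join-Path $dir 'BasicSSLConfiguration.properties') -Encoding ASCII
}
finally {
    # Drop the passwords from the session environment.
    Remove-Item Env:KS_PASS, Env:TS_PASS -ErrorAction SilentlyContinue
}
```

The generated properties file contains both passwords in clear text, so restrict its file permissions to the account that runs the ATG server. Each server that talks RMI over SSL needs the other servers' certificates in its trust store.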


