Configure SSL for UCM
Open your content server with the following URL:
http://localhost:16200/cs
Provide the username and password and click on “Sign In”.
You will get a page like this.
Now go to the “Administration” tab and select “Admin Server”.
When you click on “Admin Server”, the following screen will appear.
Now click on “Advanced Component Manager” as highlighted in the screen below.
After clicking on “Advanced Component Manager”, the following screen will appear.
Now scroll down the page and look for the option “Install New Component”.
Now download “SecurityProvider.zip” and click the browse button of the “Install New Component” option.
If you cannot find the SecurityProvider.zip file anywhere, kindly send me a mail at "kumar.kunal2808@gmail.com" and I will send it across.
Select “SecurityProvider.zip” and click on “Open”. Then click the “Install” button. Then click on “Continue”.
On clicking “Continue”, the following screen will appear.
Now restart your managed UCM server.
Now open a command window and go to the location “D:\Oracle\Middleware\jdk160_24\bin”.
Now type the following command. It generates a separate key pair for the client.
keytool -genkey -alias SecureClient -keyalg RSA -keystore client_keystore.jks -dname "cn=SecureClient, OU=KKUMAR, O=KK Test, L=Bangalore, S=Karnataka, C=IN" -keypass idcidc -storepass idcidc
And hit Enter.
Now type the following command. This command will generate a separate key pair for the server.
keytool -genkey -alias SecureServer -keyalg RSA -keystore server_keystore.jks -dname "cn=SecureServer, OU=KKUMAR, O=KK Test, L=Bangalore, S=Karnataka, C=IN" -keypass idcidc -storepass idcidc
Keys are unusable unless they are signed. The keytool utility self-signs them for you so that you can use the certificates for internal testing. However, these self-signed certificates are not suitable for general use.
From a command prompt, issue the -selfcert command (it self-signs your certificate and takes several arguments). The command below self-certifies the client key.
keytool -selfcert -alias SecureClient -keystore client_keystore.jks -keypass idcidc -storepass idcidc
The command below self-certifies the server key. Execute it to certify the server keystore.
keytool -selfcert -alias SecureServer -keystore server_keystore.jks -keypass idcidc -storepass idcidc
After we have created the client and server keys and self-signed the certificates, we have two key pairs (public and private keys) in two certificates locked in two keystores. Since each application needs the public key of the other to encrypt and decrypt data, you need to place a copy of each public certificate in the other application's truststore. The command below exports the client certificate.
keytool -export -alias SecureClient -file client_cert.cert -keystore client_keystore.jks -storepass idcidc
The command below exports the server certificate.
keytool -export -alias SecureServer -file server_cert.cert -keystore server_keystore.jks -storepass idcidc
The final step in setting up our self-signed certificates is to import the public certificate of each program into the truststore of the other. Keytool presents the details of the certificate being imported and asks you to confirm.
keytool -import -alias SecureClient -file client_cert.cert -keystore server_trustore.jks -storepass idcidc
keytool -import -alias SecureServer -file server_cert.cert -keystore client_trustore.jks -storepass idcidc
Now log in to UCM again and go to “Administration > Provider”. The following screen will open.
Now click the “Add” button for “sslincoming” as highlighted below.
On clicking “Add”, the following screen will appear.
Now provide the following information and click on “Add”.
Provider Name: myprovider
Provider Description: my provider
Provider Class: idc.provider.ssl.SSLSocketIncomingProvider
Provider Connection: intradoc.provider.SocketIncomingConnection
Server Thread Class: intradoc.server.IdcServerThread
Server Port: 5555
Request Client Authentication: Checked
Require Client Authentication: Unchecked
KeyStore Password: idcidc
Alias: SecureServer
Alias Password: idcidc
TrustStore Password: idcidc
Now you can see that the “Connection State” shows that it requires a restart.
Now go to the location “D:\Oracle\Middleware\user_projects\domains\ecm_base\ucm\cs\data\providers”. You can see that a folder named after your provider has been created.
When you open this folder you will find a “provider.hda” file.
Open the “provider.hda” file in an editor and modify the values as shown below:
<?hda version="11gR1-11.1.1.6.0-idcprod1-111219T111403" jcharset="UTF8" encoding="utf-8"?>
@Properties LocalData
IncomingThread=intradoc.server.IdcServerThread
IntradocServerHostName=
KeystoreFile=D:/Oracle/Middleware/user_projects/domains/ecm_base/ucm/cs/data/providers/myprovider/server_keystore.jks
KeystoreAlias=SecureServer
KeystoreAliasPassword=idcidc
KeystorePassword=idcidc
NeedClientAuth=
PasswordScope=myprovider
ProviderClass=idc.provider.ssl.SSLSocketIncomingProvider
ProviderConfig=
ProviderConnection=intradoc.provider.SocketIncomingConnection
ProviderType=sslincoming
ServerPort=5555
TruststoreFile=D:/Oracle/Middleware/user_projects/domains/ecm_base/ucm/cs/data/providers/myprovider/server_trustore.jks
TruststorePassword=idcidc
WantClientAuth=1
blDateFormat=M/d{/yy}{ h:mm[:ss]{ a}}!mAM,PM!tAsia/Calcutta
pLastModified=1367136326747
pName=myprovider
@end
Now go to the location where you created your keystore and truststore files. In my case it is “D:\Oracle\Middleware\jdk160_24\bin”. Copy all the files created by keytool when you ran the previous commands.
Paste the copied files into the “myprovider” folder, i.e.
“D:\Oracle\Middleware\user_projects\domains\ecm_base\ucm\cs\data\providers\myprovider”.
Now restart your UCM server and log in to UCM again. Go to “Provider”. You can see that the “sslincoming” connection state now shows “Good”.
In this way you can configure UCM for SSL.
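As an added example (not part of the original post), the Python checker below parses the @Properties LocalData section of a provider.hda like the one above and flags settings that would leave the sslincoming provider misconfigured before you restart. The embedded sample is constructed from the values shown in this post; the checks (store files expected under the provider's own folder, WantClientAuth and NeedClientAuth not both set) are assumptions drawn from the steps above, not an Oracle validation rule.

```python
# Added example: parse the @Properties LocalData section of a provider.hda and
# sanity-check the sslincoming settings. Sample constructed from the post's values.
SAMPLE_HDA = """<?hda version="11gR1-11.1.1.6.0-idcprod1-111219T111403" jcharset="UTF8" encoding="utf-8"?>
@Properties LocalData
KeystoreFile=D:/Oracle/Middleware/user_projects/domains/ecm_base/ucm/cs/data/providers/myprovider/server_keystore.jks
KeystoreAlias=SecureServer
NeedClientAuth=
ProviderClass=idc.provider.ssl.SSLSocketIncomingProvider
ProviderType=sslincoming
ServerPort=5555
TruststoreFile=D:/Oracle/Middleware/user_projects/domains/ecm_base/ucm/cs/data/providers/myprovider/server_trustore.jks
TruststorePassword=idcidc
WantClientAuth=1
pName=myprovider
@end
"""

def parse_hda_localdata(text):
    """Return the key=value pairs between '@Properties LocalData' and '@end'."""
    props, inside = {}, False
    for line in text.splitlines():
        if line.strip() == "@Properties LocalData":
            inside = True
        elif line.strip() == "@end":
            inside = False
        elif inside and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_ssl_provider(props):
    """Return a list of problems; an empty list means the provider looks consistent."""
    problems = []
    name = props.get("pName", "")
    if props.get("ProviderType") != "sslincoming":
        problems.append("ProviderType must be sslincoming")
    if props.get("ProviderClass") != "idc.provider.ssl.SSLSocketIncomingProvider":
        problems.append("ProviderClass is not the SSL incoming provider class")
    # The post copies the keytool output into the provider's own folder (assumed convention).
    for key in ("KeystoreFile", "TruststoreFile"):
        path = props.get(key, "").replace("\\", "/")
        if not path:
            problems.append(f"{key} is empty")
        elif f"/providers/{name}/" not in path:
            problems.append(f"{key} does not point inside the {name} provider folder")
    # Request (WantClientAuth) and Require (NeedClientAuth) are separate switches; both set is ambiguous.
    if props.get("WantClientAuth") == "1" and props.get("NeedClientAuth") == "1":
        problems.append("WantClientAuth and NeedClientAuth are both set")
    return problems
```

Run check_ssl_provider(parse_hda_localdata(open(path).read())) against the real provider.hda; an empty list means the file matches the layout the post describes.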