Assembling Required Information Prerequisites

Using the SSL Automation Tool 7-5

7.4 Configuring a Component Server

You configure a server by invoking the SSLServerConfig.sh script. This script uses the SSL Domain CA to generate a Server Certificate. Then the script passes control to a component-specific configuration script, which picks up the generated Server Certificate and configures the component to accept SSL connections.

To run this script, you need the following information:

■ Connection information (host and port) for the LDAP directory used by the deployment.
■ Administrator credentials that enable you to access that LDAP directory.
■ Server name. This can be either the WebLogic Administration Server or a Managed Server.

Before invoking the script, enter a shell that is set up with the default environment for an Oracle Fusion Middleware installation.

The location of the script is:

ORACLE_COMMON_HOME/oracle_common/bin/SSLServerConfig.sh

The syntax for the script is:

SSLServerConfig.sh -component [oid|ovd|oam|wls] [-v]

Specify one and only one component. Depending on the component you specify, SSLServerConfig.sh invokes a component-specific script. Component-specific server scripts have names of the form COMPONENT_NAME_SSL_Server_Config.sh.

If you specify the component option wls, the script configures all Java EE components on the named server. Java EE components include Oracle Identity Navigator, Oracle Access Manager 11g, Oracle Identity Manager, and Oracle Identity Federation. To configure Oracle Internet Directory, Oracle Virtual Directory, or Oracle Access Manager 10g, use the appropriate component option, as shown in Table 7–4.

Provide information when prompted. If you are using the oid or ovd option, and your Oracle Internet Directory or Oracle Virtual Directory host is not the same as your WebLogic Server host (in a high availability environment, for example), you must run the server script on the Oracle Internet Directory or Oracle Virtual Directory host.
Table 7–4 Component Options to SSLServerConfig.sh

Component Option   Script Invoked             Component Configured
wls                WLS_SSL_Server_Config.sh   Oracle WebLogic Server and Java EE components
oid                OID_SSL_Server_Config.sh   Oracle Internet Directory server
ovd                OVD_SSL_Server_Config.sh   Oracle Virtual Directory server
oam                OAM_SSL_Server_Config.sh   Oracle Access Manager 10g server

This script performs the following tasks:

■ Downloads the Demo Signing CA generated in Section 7.3 and stores it in ORACLE_HOME/rootCA.
■ Executes the component-specific script COMPONENT_NAME_SSL_Server_Config.sh, if appropriate.

The component-specific script performs the following tasks:

■ Generates a server certificate based on the Demo Signing CA Wallet.
■ Imports the certificate into the component-specific wallet/keystore.
■ Configures the component instance for SSL Server-Auth, based on the new server certificate in the component-specific wallet/keystore.

Oracle Fusion Middleware Administrators Guide

7.4.1 Example: Configuring a WebLogic Server and Java EE Components

./SSLServerConfig.sh -component wls
Server SSL Automation Script: Release 11.1.1.4.0 - Production
Copyright c 2010 Oracle. All rights reserved.
Downloading the CA wallet from the central LDAP location...
Enter the LDAP Hostname [adc2100651.example.com]:
Enter the LDAP port [3060]: 16468
Enter an admin user DN [cn=orcladmin]
Enter password for cn=orcladmin:
Enter the sslDomain for the CA [idm]:
Enter a password to protect your SSL walletkeystore:
Enter confirmed password for your SSL walletkeystore:
Enter password for the CA wallet:
Searching the LDAP for the CA usercertificate ...
Importing the CA certifcate into trust stores...
Searching the LDAP for the CA userpkcs12 ...
Invoking Weblogic SSL Server Configuration Script...
Enter attribute values for your certificate DN
Country Name 2 letter code [US]:
State or Province Name [California]:
Locality Nameeg, city []:Belmont
Organization Name eg, company [mycompany]:Oracle
Organizational Unit Name eg, section [wls-20101123115644]:wls-admin
Common Name eg, hostName.domainName.com [adc2100651.example.com]:
The subject DN is cn=adc2100651.example.com,ou=wls-admin,O=Oracle,l=Belmont,st=California,c=US
Import the existing CA at mw784im7335rootCAcacert.der into keystore...
Import the server certificate at mw784im7335rootCAkeystoreswlscert.txt into kstore...
Configuring SSL for your WLS server instance...
Enter your WLS domain home directory: mw784user_projectsdomainsimdomain8017
Enter your WLS server instance name [AdminServer]
Enter SSL Listen Port: [7002] 7778
Enter weblogic admin port: [7001] 19249
Enter weblogic admin user: [weblogic]
Enter password for weblogic:
Enter your keystore name [identity.jks]: id.jks
mw784im7335rootCAkeystoreswls mw784user_projectsdomainsimdomain8017keystoresid.jks
Configuring WLS AdminServer ...
Running mw784im7335commonbinwlst.sh mw784im7335rootCAkeystoreswlswlssvr.py...
Your WLS server has been set up successfully

7.4.2 Example: Configuring an Oracle Internet Directory Server Component

./SSLServerConfig.sh -component oid
Server SSL Automation Script: Release 11.1.1.4.0 - Production
Copyright c 2010 Oracle. All rights reserved.
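
After a run like the ones in these examples, the generated server certificate can be checked against the CA certificate the script stored. The following is an added example, not part of Oracle's guide or scripts: it confirms that a certificate chains to a CA kept in DER form (as cacert.der is in example 7.4.1) and that its subject CN is the expected host name. The function names and the throwaway CA it builds are constructed for the demonstration; the server DN reuses the values entered in example 7.4.1.

```shell
#!/bin/sh
# Added example (not Oracle's code). Checks that a server certificate chains to
# a CA certificate kept in DER form and carries the expected subject CN.

# check_server_cert CA_DER SERVER_PEM EXPECTED_CN
# returns 0 = both checks pass, 1 = a check failed, 2 = CA file unreadable
check_server_cert() (
  ca_der=$1; server_pem=$2; expected_cn=$3
  ca_pem=$(mktemp) || exit 2
  trap 'rm -f "$ca_pem"' EXIT
  # openssl verify expects the trust anchor in PEM, so convert the DER file.
  openssl x509 -inform DER -in "$ca_der" -out "$ca_pem" 2>/dev/null || exit 2
  if ! openssl verify -CAfile "$ca_pem" "$server_pem" >/dev/null 2>&1; then
    echo "FAIL: certificate does not chain to the CA" >&2; exit 1
  fi
  # RFC2253 output looks like: subject=CN=host,OU=...,O=...
  cn=$(openssl x509 -in "$server_pem" -noout -subject -nameopt RFC2253 |
       sed -n 's/^subject=.*CN=\([^,]*\).*$/\1/p')
  if [ "$cn" != "$expected_cn" ]; then
    echo "FAIL: subject CN is '$cn', expected '$expected_cn'" >&2; exit 1
  fi
  echo "OK: CN=$cn, chains to the CA"
)

# make_constructed_pki DIR: throwaway CA and server certificate for the demo.
# The server DN reuses the values typed in example 7.4.1; the CA is made up.
make_constructed_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  openssl x509 -in "$1/ca.pem" -outform DER -out "$1/cacert.der" &&
  openssl req -newkey rsa:2048 -nodes -keyout "$1/srv.key" -out "$1/srv.csr" \
    -subj "/C=US/ST=California/L=Belmont/O=Oracle/OU=wls-admin/CN=adc2100651.example.com" \
    2>/dev/null &&
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}

work=$(mktemp -d)
make_constructed_pki "$work"
check_server_cert "$work/cacert.der" "$work/server.pem" adc2100651.example.com
```

Against a real deployment, pass the downloaded CA file and a PEM copy of the server certificate in place of the constructed files.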