Friday, October 16, 2015

OIM and OIA SSL Setup and keytool and orapki commands


keytool -importcert -alias youranyaliasname -trustcacerts -file /tmp/deepak/dubey/filename.pem -keystore /tmp/deepak/dubey/mycustomkeystore.jks

on oim admin console
hostname verification to none

update xlconfig.xml to t3s and ssl port

copy 3 jar files
webservices+ssl.jar
jcryptoj.jar

change the keystores in OIA weblogic from the demo keystores to OIM's custom keystores

OHS to OIM mod_wl_ohs.conf

<Location /identity>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost deepak.dubey.com
WebLogicPort 14001
Debug ALL
SecureProxy ON
WlSSLWallet "/tmp/deepak/dubey/wallets/ohs_proxy_ssl_wallet"
WLIOTimeoutSecs 600
Idempotent OFF
WLSRequest ON
WLProxySSL ON
WLProxySSLPassThrough ON
</Location>


change ssl.conf

SSLWallet "/tmp/deepak/dubey/wallets/ohswallet"

./orapki wallet create -wallet /tmp/deepak/dubey/wallets/ohswallet -auto_login_only

./orapki wallet add -wallet /tmp/deepak/dubey/wallets/ohswallet -dn CN=hostname -keysize 2048 -self_signed -validity 3650 -auto_login_only

./orapki wallet create -wallet /tmp/deepak/dubey/wallets/ohs_proxy_ssl_wallet -auto_login_only

./orapki wallet add -wallet /tmp/deepak/dubey/wallets/ohs_proxy_ssl_wallet -trusted_cert -cert RootCA.txt -auto_login_only

./orapki wallet add -wallet /tmp/deepak/dubey/wallets/ohs_proxy_ssl_wallet -trusted_cert -cert HostNameSelfSigned.txt -auto_login_only


keytool -importcert -alias OHS -file OIM-Server.cert -keystore /tmp/deepak/dubey/config/keystores/appTrustKeyStore-hostname.jks

keytool -export -alias myAliasName -file /tmp/deepak/dubey/myAliasName.txt -keystore /tmp/deepak/dubey/config/KeyStores/appIdentityKeyStore.jks -rfc


keytool -export -alias RootCA -file /tmp/deepak/dubey/RootCA.txt -keystore /tmp/deepak/dubey/config/KeyStores/appTrustKeyStore-hostname.jks -rfc