Task #513
SSL Certificate Setup
| Status: | Work Completed-End life cycle | Start date: | October 07, 2010 |
|---|---|---|---|
| Priority: | High | Due date: | October 08, 2010 |
| Assignee: | Ang Wei Cheng | % Done: | 100% |
| Category: | - | Estimated time: | 10.00 hours |
| Target version: | - | Spent time: | 12.00 hours |
Description
Figure out and document how to set up one-way and two-way SSL certificates in AquaLogic or WebLogic.
History
#1 Updated by Ang Wei Cheng almost 14 years ago
- % Done changed from 0 to 10
There's transport level (SSL) and message level encryption (Web service policy, proprietary extension of WSDL in WebLogic).
Assuming only transport level encryption is used for now.
http://download.oracle.com/docs/cd/E13171_01/alsb/docs30/security/security_faq.html
#2 Updated by Ang Wei Cheng almost 14 years ago
- Status changed from New - Begin Life Cycle to Work Completed-End life cycle
- % Done changed from 10 to 100
- Estimated time set to 10.00
Getting more information from Hazli and Nazri.
From my understanding:
It is a 2-way SSL authentication. KFH side is using an unsigned (non-CA-certified) certificate to connect to the remote HTTPS web service. What we are trying to do is configure the AquaLogic to use the SSL certificate of KFH while making a POST request to that remote host.
1) Import the key provided by KFH into java keystore using "keytool" command. It is included in the Java SDK. Keystore is a ".jks" file.
2) Upload keystore file into the WebLogic server. Define the absolute path in the WebLogic console.
3) Go to "Security Realm" -> "Providers" -> "Credential Mapping". Create a new mapping that points to the absolute path of the keystore file.
4) Go to the Aqua Logic console.
Project Explorer -> ePay
5) Create new Proxy Service Provider. Choose the Encryption key etc as defined in the WebLogic Credential Mapping.
6) Create new Proxy Service. Choose to use the Proxy Service Provider as defined in Step 5.
For ePay, this kind of configuration is required because it connects directly to the remote web service.
For M1, the security configuration is presumed to be done at the EJB that acts as the middle person between local and remote web service.
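
Added example, not part of the original task notes: one way to carry out step 1 with `keytool` and to check the resulting `.jks` before uploading it in step 2. A keystore can present a client certificate in two-way SSL only if it holds a private key entry, which a certificate-only import does not create. The PKCS#12 delivery format, file names and passwords are assumptions.

```shell
#!/usr/bin/env bash
# Added example. File names, aliases and passwords are placeholders, and the
# PKCS#12 delivery format of the key is an assumption (the notes do not say).

# Convert a PKCS#12 bundle (private key + certificate) into a JKS keystore.
# usage: import_identity <in.p12> <out.jks> <password>
import_identity() {
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$3" \
    -destkeystore "$2" -deststoretype JKS -deststorepass "$3" >/dev/null 2>&1
}

# Count keystore entries of one type: "PrivateKeyEntry" or "trustedCertEntry".
# usage: count_entries <keystore.jks> <password> <type>
count_entries() {
  keytool -J-Duser.language=en -list -v -keystore "$1" -storepass "$2" 2>/dev/null |
    grep -c "Entry type: $3"
}

# The keystore used as the client identity must contain a PrivateKeyEntry.
# Importing only a certificate file yields a trustedCertEntry, which lets the
# JVM trust a peer but cannot authenticate this side to the remote host.
# usage: check_identity <keystore.jks> <password>
check_identity() {
  if [ "$(count_entries "$1" "$2" PrivateKeyEntry)" -ge 1 ]; then
    echo "OK: $1 holds a private key and can present a client certificate"
  else
    echo "FAIL: $1 has no PrivateKeyEntry; usable only as a trust store" >&2
    return 1
  fi
}
```

Run `import_identity`, then `check_identity` on the result, before pointing the WebLogic console at the file.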