Wednesday, June 25, 2014

SSL Configuration with GoDaddy

I already have a post for configuration of SSL .. but that was more to do with Verisign.

Very recently I configured one for GoDaddy. There is a slight change so putting it up...

Requesting and Importing SSL certificate for Integration Broker.

Requirement: Integration Broker URL needed to be SSL.

Why did we need the a New Certificate: We were using wildcard certificate. We cannot use it with PeopleSoft Integration broker. SSL Header gives the hostname which is not possible with a wildcard certificateS.

Steps taken:

1. Request for a new Certificate : Navigate to your PIA Domain's piabin directory (%PS_HOME%\webserv\peoplesoft\piabin
    pskeymanager.cmd -create
    Give appropriate values - important ones that matter
        alias : Generally the same name as the hostname on which PIA is installed.
        common name - the URL that you are going to use. eg. prdigw.mydomain.com
        encryption - 2048

2. Send the Generated CSR to the signing authority.

3. Importing the Certificate
    Once you receive a reply from the signing authority .. in this case GoDaddy follow the following steps.
    1. Get the root and intermediate certificate from GoDaddy
        to get this one does not need to download from godaddy.com, you will get it along with the certificate
        a. View the certificate - prdigw.crt (double click)
        b. Click on Certification Path to see three entries.
            1. Top one is the root certificate.
            2. Middle one is the intermediate.
            3. Last one is the actual certificate.
        c. Click on root certificate -> click on view certificate -> details tab -> copy to file
        d. Click on intermediate certificate -> click on view certificate -> details tab -> copy to file  
       
    2. Now you have the root , intermediate  and main certificate.
        a. Open an editor like ultra edit
        b. Save the blank one as combined.crt
        c. Now copy the three certificates one below the other in combined.crt in the sequence mentioned below
                1. prdigw.crt (main certificate)
                2. intermediate certificate
                3. root certificate  
   
    3. Copy the root certificate and combined.crt to piabin directory.
   
    4. pskeymanager -import  to import the root certificate first (you can give a meaning alias)
   
    5. pskeymanager -import to import the combined.crt ( hit enter for the alias as this should be the same as what you gave while creating the CSR)

    6. Login to console and navigate to
            Servers - PIA - Keystores
                    change Keystores to Custom Identity and Custom Trust
                    give passphrase (4 in all) and save
            Servers - PIA  - SSL
                    give the private alias: this is the one we gave while creating the CSR and importing the certificate (step 5 above)
                    give passphrase
                    Click on advanced and check the checkbox for Use JSSE SSL

    7. Bounce the necessary web servers/ application servers.