I already have a post for configuration of SSL .. but that was more to do with Verisign.
Very recently I configured one for GoDaddy. There is a slight change so putting it up...
Requesting and Importing SSL certificate for Integration Broker.
Requirement: Integration Broker URL needed to be SSL.
Why did we need the a New Certificate: We were using wildcard certificate. We cannot use it with PeopleSoft Integration broker. SSL Header gives the hostname which is not possible with a wildcard certificateS.
Steps taken:
1. Request for a new Certificate : Navigate to your PIA Domain's piabin directory (%PS_HOME%\webserv\peoplesoft\piabin
pskeymanager.cmd -create
Give appropriate values - important ones that matter
alias : Generally the same name as the hostname on which PIA is installed.
common name - the URL that you are going to use. eg. prdigw.mydomain.com
encryption - 2048
2. Send the Generated CSR to the signing authority.
3. Importing the Certificate
Once you receive a reply from the signing authority .. in this case GoDaddy follow the following steps.
1. Get the root and intermediate certificate from GoDaddy
to get this one does not need to download from godaddy.com, you will get it along with the certificate
a. View the certificate - prdigw.crt (double click)
b. Click on Certification Path to see three entries.
1. Top one is the root certificate.
2. Middle one is the intermediate.
3. Last one is the actual certificate.
c. Click on root certificate -> click on view certificate -> details tab -> copy to file
d. Click on intermediate certificate -> click on view certificate -> details tab -> copy to file
2. Now you have the root , intermediate and main certificate.
a. Open an editor like ultra edit
b. Save the blank one as combined.crt
c. Now copy the three certificates one below the other in combined.crt in the sequence mentioned below
1. prdigw.crt (main certificate)
2. intermediate certificate
3. root certificate
3. Copy the root certificate and combined.crt to piabin directory.
4. pskeymanager -import to import the root certificate first (you can give a meaning alias)
5. pskeymanager -import to import the combined.crt ( hit enter for the alias as this should be the same as what you gave while creating the CSR)
6. Login to console and navigate to
Servers - PIA - Keystores
change Keystores to Custom Identity and Custom Trust
give passphrase (4 in all) and save
Servers - PIA - SSL
give the private alias: this is the one we gave while creating the CSR and importing the certificate (step 5 above)
give passphrase
Click on advanced and check the checkbox for Use JSSE SSL
7. Bounce the necessary web servers/ application servers.
Very recently I configured one for GoDaddy. There is a slight change so putting it up...
Requesting and Importing SSL certificate for Integration Broker.
Requirement: Integration Broker URL needed to be SSL.
Why did we need the a New Certificate: We were using wildcard certificate. We cannot use it with PeopleSoft Integration broker. SSL Header gives the hostname which is not possible with a wildcard certificateS.
Steps taken:
1. Request for a new Certificate : Navigate to your PIA Domain's piabin directory (%PS_HOME%\webserv\peoplesoft\piabin
pskeymanager.cmd -create
Give appropriate values - important ones that matter
alias : Generally the same name as the hostname on which PIA is installed.
common name - the URL that you are going to use. eg. prdigw.mydomain.com
encryption - 2048
2. Send the Generated CSR to the signing authority.
3. Importing the Certificate
Once you receive a reply from the signing authority .. in this case GoDaddy follow the following steps.
1. Get the root and intermediate certificate from GoDaddy
to get this one does not need to download from godaddy.com, you will get it along with the certificate
a. View the certificate - prdigw.crt (double click)
b. Click on Certification Path to see three entries.
1. Top one is the root certificate.
2. Middle one is the intermediate.
3. Last one is the actual certificate.
c. Click on root certificate -> click on view certificate -> details tab -> copy to file
d. Click on intermediate certificate -> click on view certificate -> details tab -> copy to file
2. Now you have the root , intermediate and main certificate.
a. Open an editor like ultra edit
b. Save the blank one as combined.crt
c. Now copy the three certificates one below the other in combined.crt in the sequence mentioned below
1. prdigw.crt (main certificate)
2. intermediate certificate
3. root certificate
3. Copy the root certificate and combined.crt to piabin directory.
4. pskeymanager -import to import the root certificate first (you can give a meaning alias)
5. pskeymanager -import to import the combined.crt ( hit enter for the alias as this should be the same as what you gave while creating the CSR)
6. Login to console and navigate to
Servers - PIA - Keystores
change Keystores to Custom Identity and Custom Trust
give passphrase (4 in all) and save
Servers - PIA - SSL
give the private alias: this is the one we gave while creating the CSR and importing the certificate (step 5 above)
give passphrase
Click on advanced and check the checkbox for Use JSSE SSL
7. Bounce the necessary web servers/ application servers.
No comments:
Post a Comment