Implementing SSL with WebLogic and E1 Business Services 2013JDE-100530
Agenda
• Introductions
• Experience & References
• Our Company
• Current Activity
• Customer Case Studies
• Quick Overview of Terms
• High Level Discussion of need for SSL
• Overview of MTR and how/where to obtain needed certificates
• Live Setup and configuration
• Questions and Answers
• Survey
Team Expertise
• Average 15+ years industry experience as CFOs, senior managers, operation specialists and project leaders
• Average 16+ years JDE experience across multiple functional areas
• Highly qualified and certified in multiple areas such as business and consulting disciplines, project management, various tools and technologies
• Senior, industry-recognized technologists, systems architects, developers, and published theorists
• Experience across multiple industries including Manufacturing, Distribution, Pharmaceutical, CPG, Retail, Energy and Gas, Food & Beverage among others
Nationwide Organization focused exclusively on JDE Clients & Services
• Experience
  • 750+ years of core JDE Experience around all versions and applications
  • US based consultants have an average of 15+ years of JDE experience; most are Oracle Certified
  • 28+ year relationship with Oracle’s JD Edwards Team
  • Oracle Platinum Partner
• Technologies
  • Blue Stack / Red Stack / Purple Stack
  • WebSphere / Oracle Application Server / WebLogic / Fusion Middleware
  • Terminal Server / Citrix / VMware / Oracle VM
  • XPI / webMethods / Web Services Gateway / Business Services Server XML & BI Publisher
• Service Specialties
  • Upgrades, Assessments, Implementations (local, regional, and global)…140+
  • Managed Services, Remote DBA Services, iSeries Services, Field Consulting, Application Services
  • JD Edwards Performance Optimization, Load Balancing, Archiving, High Availability & Hosting
  • Custom self service end user Training Programs
  • Confident enough to have a 100% Guarantee on all services
• Affiliations
  • Member of Oracle’s Technical Task Force
  • Moderator of Veteran JD Edwards Consultants Group (LinkedIn)
  • Gold Partner of Quest International Users Group
Overview of Terms • BSSV (Business services servers) are JD Edwards EnterpriseOne business function objects that are used for interoperability between JD Edwards EnterpriseOne and other applications or systems
Overview of Terms • LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet
Overview of Terms • SSL (Secure Socket Layer) is a commonly used protocol for managing the security of a message transmission on the Internet. It is typically indicated by HTTPS:// when using a browser
Overview of Terms • SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, a certificate activates the padlock and the https protocol (over port 443) and allows secure connections from a web server to a browser
WHY do we need to implement SSL? Data transmitted between your web browser and the web server is sent in plain text, meaning it is easily susceptible to being captured or viewed by an unauthorized person. More and more companies are implementing LDAP-enabled usernames/passwords, meaning your Microsoft network password could be captured.
WHY do we need to implement SSL? Business services often communicate and pass sensitive data back and forth using clear text for processing. This could be customer account information, employee social security numbers, credit card numbers, and banking transit and routing information.
WHY do we need to implement SSL? More and more organizations are utilizing remote data centers and facilities, meaning more and more data is being transmitted across the internet rather than over in-house secured equipment. This leaves data vulnerable to unauthorized persons capturing and/or viewing business-sensitive information.
Review of MTRs
• Go to My Oracle Support
• Search the latest MTR for WebLogic as well as the current EnterpriseOne tools release to confirm compatibility.
• Confirm browser compatibility prior to starting the project.
Obtaining an SSL Certificate
• Contact your internal security expert for guidance.
• Search the web
  • www.verisign.com
  • www.freessl.com
  • http://www.godaddy.com/ssl/ssl-open-source.aspx
SSL Creating a Key Store
From the command line (Windows), execute the following:

keytool -genkey -alias server_cert -keyalg RSA -keysize 2048 -dname "CN=smc-ss-vmbssv.seaspan.com,OU=ORACLE,O=ORACLE,L=North Vancouver,ST=BC,C=CA" -keypass OraE1Admin -keystore keystore.jks -storepass OraE1Admin
keytool -list -v -keystore keystore.jks -storepass OraE1Admin
keytool -certreq -v -alias server_cert -file server.csr -keypass OraE1Admin -storepass OraE1Admin -keystore keystore.jks
SSL Creating a Key Store
This will produce a file that you use to request a certificate from your provider (e.g. GoDaddy). After receiving the certificate files from the provider, execute the following commands:

keytool -list -keystore E:\Java\jrockit-jdk1.6.0_33-R28.2.4-4.1.0\jre\lib\security\cacerts -storepass changeit -v
keytool -import -keystore E:\Java\jrockit-jdk1.6.0_33-R28.2.4-4.1.0\jre\lib\security\cacerts -file C:\Temp\gd-class2-root.crt -storepass changeit -alias rootcacert
keytool -import -keystore E:\Java\jrockit-jdk1.6.0_33-R28.2.4-4.1.0\jre\lib\security\cacerts -file C:\Temp\gd_intermediate.crt -storepass changeit -alias rootcacert2
keytool -import -v -noprompt -trustcacerts -alias rootcacert -file c:\temp\gd-class2-root.crt -keystore "E:\Oracle\Middleware\keystore\keystore.jks" -storepass OraE1Admin
keytool -import -v -noprompt -trustcacerts -alias rootcacert2 -file c:\temp\gd_intermediate.crt -keystore E:\Oracle\Middleware\keystore\keystore.jks -storepass OraE1Admin
copy gd_bundle.crt certchain.p7b
type smc-ss-vmbssv.seaspan.com.crt >> certchain.p7b

The file certchain.p7b will be the concatenation of the intermediate CA and the signed server cert. Then import the newly created file under the key alias as follows:

keytool -import -keystore E:\Oracle\Middleware\keystore\keystore.jks -file c:\temp\certchain.p7b -alias server_cert -trustcacerts -keypass OraE1Admin -storepass OraE1Admin
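A check to run after the final import, added here as an example and not part of the original slides: it reads saved `keytool -list -v` output and confirms that the `server_cert` alias is still a PrivateKeyEntry whose certificate is no longer self-signed and whose issuers link up to the root. The sample output is constructed, the function names are hypothetical, and the check compares Owner/Issuer names only; it does not verify signatures.

```python
# Constructed, abridged `keytool -list -v` output (sample data, not from the slides).
SAMPLE = """\
Alias name: server_cert
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=host.example.com, OU=ORACLE
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
Certificate[3]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA

Alias name: rootcacert
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
"""

def parse_entries(text):
    """Map alias -> {"type": entry type, "certs": [(owner, issuer), ...]}."""
    entries, cur, owner = {}, None, None
    for line in text.splitlines():
        key, _, val = line.partition(": ")
        if key == "Alias name":
            cur = entries.setdefault(val.strip(), {"type": None, "certs": []})
        elif cur is None:
            continue
        elif key == "Entry type":
            cur["type"] = val.strip()
        elif key == "Owner":
            owner = val.strip()
        elif key == "Issuer":
            cur["certs"].append((owner, val.strip()))
    return entries

def check_server_entry(text, alias="server_cert"):
    """Return a list of problems; an empty list means the chain looks complete."""
    entry = parse_entries(text).get(alias)
    if entry is None:
        return [f"alias {alias!r} not found"]
    problems, certs = [], entry["certs"]
    if entry["type"] != "PrivateKeyEntry":
        problems.append(f"{alias} is {entry['type']}, expected PrivateKeyEntry")
    if not certs or certs[0][0] == certs[0][1]:
        problems.append("leaf is self-signed or missing: CA reply not imported under this alias")
    for (_, issuer), (next_owner, _) in zip(certs, certs[1:]):
        if issuer != next_owner:
            problems.append(f"chain break: no certificate for issuer {issuer!r}")
    return problems
```

The input is the output of the `keytool -list -v -keystore keystore.jks` command shown above, redirected to a file. If `-storepass` is left off, keytool prompts for the password instead of taking it from the command line.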