2 Replies Latest reply: Mar 11, 2013 12:46 PM by User526875-OC RSS

    Jolt and SSL

      Hello All,

      I'm trying to figure out how to configure a Tuxedo server (part of a Peoplesoft environment) to accept SSL Jolt connections using certificate based authentication.
      One way (the calling JSL client is trusted by the tuxedo server using a certificate key) is sufficient and two-way would be nice but not necessary.

      I'm reading a lot of documentation and am slowly getting confused; do I need to configure ATMI SSL? Or are there Jolt specific steps I should follow instead?
      I can enable JSL Encryption in the cfg file but I believe this is not SSL but the LLE encryption?
      In $TUXDIR/udataobj/security I have a certs & keys folder that look very promising but I'm missing some concrete administration documentation describing exactly how it works and how to enable & configure it for Jolt clients.

      Many Thanks for any help!

      Edited by: 992692 on Mar 8, 2013 5:57 AM
        • 1. Re: Jolt and SSL
          Is this for the Jolt connection between the PIA and the App Server? Is the network between your web servers and app servers insecure? I would not generally recommend doing this within a datacenter because of the added performance hit. Why is it not sufficient to terminate the SSL at the PIA? Also, what version of Tuxedo are you using?

          The documentation for Jolt SSL configuration is here (http://docs.oracle.com/cd/E13161_01/tuxedo/docs10gr3/jdg/dvconfig.html) if you need it.
          • 2. Re: Jolt and SSL
            The network is not insecure. The enduser connects to the peoplesoft frontend Weblogic PIA using https sessions, but our Enterprise Service Bus (coming from another secured zone in our lan) is using a connector adapter to CI's and connects directly to the JSL port on the Tuxedo APP server.
            Whenever this situation occurs (two servers in different secured zones interfacing) our internal security baseline guidelines require it at least to be SSL encrypted and preferably running with two way authentication. Yes, I know.. very annoying!

            Thanks for the link, it does provide some insight on how to start with SSL parameters but I'm not sure how to actually configure the keys & certificates as it falls short on explaining the actual steps and this document http://docs.oracle.com/cd/E13161_01/tuxedo/docs10gr3/rf5/rf5.html seems serious overkill to parse through :)

            Edited by: 992692 on Mar 11, 2013 10:33 AM