Our corporate LDAP directory (directory.djdev.com) using Secure Socket Layer (SSL) will be renewed on 15th December 2013.
As per the client’s request we need to install New VeriSign root certificate, in addition to Current Existing VeriSign Root certificate. And we should make your changes without production impact.
Each pre-production Corporate LDAP environment has certificates which were issued using the NEW Verisign root certificate.
We need to perform validation testing against one of the following environments:
Kindly suggest how to accomplish this task?? As I am new to admin tasks.
They provided the links for:
1. Location of NEW root CA certificate
2. Location of CURRENT root CA certificate (currently in use by production LDAP)
After downloading the certificates in to the below path what exactly I need to do with these cacerts??
Certificate path: into HYPERION_HOME/common/JRE/Sun/1.5.0/lib/security/cacerts.
As per the SSL Configuration Guide I found below information. Kindly suggest:
1. If the CA root certificate you are using is not from a default trusted third-party CA, import the CA root
certificate into HYPERION_HOME/common/JRE/Sun/1.5.0/lib/security/cacerts.
2. Optional: If EPM System products are deployed on a 64–bit operating system, import the CA certificate
3. SSL-enable user directory connections.
a. Obtain the CA root certificate for your LDAP-enabled user directory.
b. If the CA root certificate you are using is not from a default trusted third-party CA,
import the CA root certificate into the cacerts of the JVM. cacerts is in the /lib/
security directory within the JRE install directory.
“You can use different keystores for inbound and outbound requests. LDAPS is an
outbound request from the application server; HTTPS is an inbound request”
Caution! When Oracle's EPM System applications are installed and deployed on
multiple servers, if the root CA certificate is not from a trusted third-party
CA, you must load the CA root certificate into all of the JREs that are used
by EPM System products.
Note: All servers must be set up to open SSL connections when they are acting as SSL clients.
For example, Planning Web application should open SSL connection to the user
4 .Restart Shared Services.
5. Log on to Oracle's Hyperion® Shared Services Console as Shared Services Administrator. Connect using