0 Replies Latest reply: Sep 26, 2013 2:52 PM by Smilee

    LDAP Directory SSL Certificate renewal Process reg.

    Smilee

      Hi, All

      Our corporate LDAP directory (directory.djdev.com) using Secure Socket Layer (SSL) will be renewed on 15th December 2013.

      As per the client’s request, we need to install the new VeriSign root certificate in addition to the current existing VeriSign root certificate, and we should make the changes without production impact.

      Each pre-production Corporate LDAP environment has certificates which were issued using the NEW Verisign root certificate.

      We need to perform validation testing against one of the following environments:

      1.  dirdev.corp.djdev.com

      2.  dirtest.corp.djdev.com

      3. dirPSE.corp.djdev.com

       

      Kindly suggest how to accomplish this task, as I am new to admin tasks.

      They provided the links for:

      1. Location of NEW root CA certificate

      2. Location of CURRENT root CA certificate (currently in use by production LDAP)

      After downloading the certificates into the path below, what exactly do I need to do with these cacerts?

      Certificate path: HYPERION_HOME/common/JRE/Sun/1.5.0/lib/security/cacerts.


      As per the SSL Configuration Guide I found below information. Kindly suggest:

      1. If the CA root certificate you are using is not from a default trusted third-party CA, import the CA root certificate into HYPERION_HOME/common/JRE/Sun/1.5.0/lib/security/cacerts.

      2. Optional: If EPM System products are deployed on a 64-bit operating system, import the CA certificate into HYPERION_HOME/common/JRE-64/Sun/1.5.0/lib/Security/cacerts.

      3. SSL-enable user directory connections.

      a. Obtain the CA root certificate for your LDAP-enabled user directory.

      b. If the CA root certificate you are using is not from a default trusted third-party CA, import the CA root certificate into the cacerts of the JVM. cacerts is in the /lib/security directory within the JRE install directory.

      “You can use different keystores for inbound and outbound requests. LDAPS is an outbound request from the application server; HTTPS is an inbound request”

      Caution! When Oracle's EPM System applications are installed and deployed on multiple servers, if the root CA certificate is not from a trusted third-party CA, you must load the CA root certificate into all of the JREs that are used by EPM System products.

      Note: All servers must be set up to open SSL connections when they are acting as SSL clients. For example, Planning Web application should open SSL connection to the user directory server.

      4. Restart Shared Services.

      5. Log on to Oracle's Hyperion® Shared Services Console as Shared Services Administrator. Connect using the secure URL https://host:SSL-port/interop/index.jsp; for example, https://myServer:28443/interop/index.jsp.

       

       

      Regards

      Smilee
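
One way to carry out the import steps quoted from the guide, as an added example that is not part of the original post or Oracle's documentation: it adds the new root under its own alias to every EPM JRE truststore, leaves the current root in place, and keeps a rollback copy. The function names, the alias `verisign-new-root`, the file name `new-root.cer` and the `.pre-newroot` backup suffix are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle's procedure. Alias and file names are assumptions.
# Password is read from $STOREPASS (a stock JRE cacerts ships with "changeit").

# List every cacerts file that exists under HYPERION_HOME ($1): the 32-bit JRE
# path plus the 64-bit path in both spellings ("security" / "Security").
epm_truststores() {
    for rel in common/JRE/Sun/1.5.0/lib/security/cacerts \
               common/JRE-64/Sun/1.5.0/lib/security/cacerts \
               common/JRE-64/Sun/1.5.0/lib/Security/cacerts; do
        if [ -f "$1/$rel" ]; then echo "$1/$rel"; fi
    done
}

# import_root KEYSTORE ALIAS CERTFILE
# Adds the certificate as a trusted root unless ALIAS already exists. Existing
# entries (the CURRENT root) are untouched, so both roots are trusted.
import_root() {
    store=$1 name=$2 cert=$3
    if keytool -list -keystore "$store" -storepass "$STOREPASS" \
               -alias "$name" >/dev/null 2>&1; then
        echo "present  $name  $store"
        return 0
    fi
    # Keep one rollback copy of the untouched truststore.
    [ -f "$store.pre-newroot" ] || cp -p "$store" "$store.pre-newroot"
    keytool -import -trustcacerts -noprompt -alias "$name" -file "$cert" \
            -keystore "$store" -storepass "$STOREPASS" >/dev/null &&
        echo "imported $name  $store"
}

# trust_new_root HYPERION_HOME ALIAS CERTFILE
# Runs import_root on every truststore found; prints how many were processed
# and fails if none exist or any import fails.
trust_new_root() {
    n=0
    list=$(epm_truststores "$1")
    while IFS= read -r ks; do
        [ -n "$ks" ] || continue
        import_root "$ks" "$2" "$3" >&2 </dev/null || return 1
        n=$((n + 1))
    done <<EOF
$list
EOF
    [ "$n" -gt 0 ] || return 1
    echo "$n"
}

# Usage on each EPM server (file name is a placeholder):
#   STOREPASS=... trust_new_root "$HYPERION_HOME" verisign-new-root new-root.cer
```

Because the pre-production directories already present certificates issued under the new root, a successful LDAPS connection to one of them after the Shared Services restart shows the new root is trusted, while production keeps validating against the current root.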