on 04-16-2015 10:02 PM
Hi Folks,
I'm trying to follow the documentation for setting up V8, but I'm hitting a slight snag when dealing with the SSL configuration.
Looking at the documentation,SAP Identity Management Installation Guide - SAP Library and Adding New SSL Access Points - Network and Transport Layer Security - SAP Library. I'm told to open a port, but I don't know which one to open. Is this an arbitrary number or am I supposed to choose a specific value.
Thanks,
Matt
Hi Matt,
SSL configuration is very easy in IDM 8.
please follow these steps
1. enable ssl and create self sign certificate on nwa > configuration >Security > ssl on port 50001 or any other port you wish to use
2. then click on export entry your certificate and copy into c:\program files\java\java version\lib/security\ ( please check windows java environment for correct java path )
3. export SAPLogonKeypair.cert from TicketKeystore (/nwa) and copy into c:\program files\java\java version\lib\security\
4. then use this command to add all certificate into java cacerts
keytool -import -alias my_ssl_cert -file certificate_name .crt -keystore cacerts
then open Developer studio and configure port 50001
Regards,
Mohinder
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Matt,
You could try this for point#1:
Configuring the Use of SSL on the AS Java - Network and Transport Layer Security - SAP Library
Kind Regards,
Rali
SAP Identity Management Development
6. Select the instance and push the Edit button and then browse the SSL Library and Ticket file.
7. In SSL Access Points section, choose the Add pushbutton.
8. Enter the number of the port (e.g. 50001)
9. Select the Protocol (e.g.HTTPS)
10.Select the keystore view (e.g. Instance Default)
11. Select the Client Authentication Mode (e.g. Request)
12. Finally push SAVE button to save the all configuration objects and restart the ICM to take effect the changes.
13. Open Web Browser and enter the below URL https://<j2ee_host_name>:<ICM_https_port>
Hi Matt,
SAPCrypto library should be part of your default AS Java installation, so it's only necessary to download it If you have a very old version. Check your version using sapgenpse tool.
It should be Version 8.x.x.
Go to NWA --> Configuration --> SSL and choose a port that you want to use e.g. 443, 50001, etc,
choose the required Client Authentication Mode (e.g. Request) and enable SSL by browsing to the ticket file.
If you have a Certificate Authority use this to issue the certificate instead of a self-signed certificate.
The private key of the server certificate should be imported in the Server Identity section and the issuer certificate should then be imported in the Trusted CAs section.
Restart the AS Java Instance (ICM) and test the SSL connection.
Regards,
Ridouan
Hi Ridouan & Matt, do you need SSL for eclipse to access identity center ? Per documentation, we should be allowed to access the same over 50000 as well right ?
did you make any progress with your SSL and are you able to get to the IC ? FYI, my SSL is green however when I authenticate over 50001 I get the message: "Login failed: Unrecognized SS message" and below is the log:
Any help appreciated ! Thanks
Prashanth
5155081696
Please follow these steps now
3. export SAPLogonKeypair.cert from TicketKeystore (/nwa) and copy into c:\program files\java\java version\lib\security\
4. then use this command to add all certificate into java cacerts
keytool -import -alias my_ssl_cert -file certificate_name .crt -keystore cacerts
After that error will gone
User | Count |
---|---|
82 | |
11 | |
10 | |
8 | |
6 | |
6 | |
6 | |
6 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.