Sun works with the JKS formatted trust and store files, although you can probably get it to work with the p12 formatted files, I find that converting them over to JKS is the simplest.
Go to your <ODM INSTALL>/bin directory and start ikeyman. From there open the trust.p12 file. The default password is WebAS. And then just save it as trust.jks in the jks format with the same password. And also do the same for your key.p12 file saving it as key.jks in the jks format.
Now, in Eclipse, copy the security configuration folder that we created in Part 1 and name it SunJDKSecurity.
Edit the ssl.client.props file and change the user.root to point to your current project/SunJDKSecurity folder. To do this right click on the project security folder that you created and select properties. This will give you the full path to the folder. Highlight the path and use ctrl-c to copy. Then ctrl-s to save the file.
In addition you will have to replace some of the IBMJSSE settings with SunJSSE settings in this file. make the following edits. The big change is modifying the certifcates from .p12 to .jks format. We'll do that in the next step.
| Setting | IBMJDK Value | SunJDK Value |
| com.ibm.ssl.alias | DefaultSSLSettings | DefaultSSLSettings |
| com.ibm.ssl.protocol | SSL_TLS | SSL |
| com.ibm.ssl.securityLevel | HIGH | HIGH |
| com.ibm.ssl.trustManager | IbmPKIX | PKIX |
| com.ibm.ssl.keyManager | IbmX509 | SunX509 |
| com.ibm.ssl.contextProvider | IBMJSSE2 | SunJSSE |
| com.ibm.ssl.enableSignerExchangePromp | gui | gui |
| #com.ibm.ssl.keyStoreClientAlias | default | |
| #com.ibm.ssl.customTrustManagers | ||
| #com.ibm.ssl.customKeyManager | ||
| #com.ibm.ssl.dynamicSelectionInfo | ||
| #com.ibm.ssl.enabledCipherSuites | ||
| # KeyStore information | ||
| com.ibm.ssl.keyStoreName | ClientDefaultKeyStore | ClientDefaultKeyStore |
| com.ibm.ssl.keyStore | ${user.root}/etc/key.p12 | ${user.root}/etc/key.jks |
| com.ibm.ssl.keyStorePassword | WebAS | WebAS |
| #com.ibm.ssl.keyStorePassword | {xor}CDo9Hgw | {xor}CDo9Hgw |
| com.ibm.ssl.keyStoreType | PKCS12 | JKS |
| com.ibm.ssl.keyStoreProvider | IBMJCE | SUN |
| com.ibm.ssl.keyStoreFileBased | TRUE | TRUE |
| # TrustStore information | ||
| com.ibm.ssl.trustStoreName | ClientDefaultTrustStore | ClientDefaultTrustStore |
| com.ibm.ssl.trustStore | ${user.root}/etc/trust.p12 | ${user.root}/etc/trust.jks |
| com.ibm.ssl.trustStorePassword | WebAS | WebAS |
| #com.ibm.ssl.trustStorePassword | {xor}CDo9Hgw | {xor}CDo9Hgw |
| com.ibm.ssl.trustStoreType | PKCS12 | JKS |
| com.ibm.ssl.trustStoreProvider | IBMJCE | SUN |
| com.ibm.ssl.trustStoreFileBased | TRUE | TRUE |
| com.ibm.ssl.trustStoreReadOnly | FALSE | FALSE |
Check that you edited the sas.client.props file and set the following, which you would have done in the part 1 of this Blog)
com.ibm.CORBA.securityServerPort to your correct port, by default it is 2809.
com.ibm.CORBA.loginSource=properties
com.ibm.CORBA.loginUserid=admin and set
com.ibm.CORBA.loginPassword=admin
(Assuming admin/admin for authentication to the SamplesServer)
Now change the the runtime properties that you set in the first part of this exercise so they point to the SunJDKSecurity folder. In the VM Arguments modify the following:
-Dcom.ibm.SSL.ConfigURL=file:///${project_loc}/SunJDKSecurity/properties/ssl.client.props
-Dcom.ibm.CORBA.ConfigURL=file:///${project_loc}/SunJDKSecurity/properties/sas.client.props
At this point, you should be able to run this app without errors using just the SunJDK. Next we're going to add an ODM Events Project to the workspace.
No comments:
Post a Comment