Configuring Secure Connections for SAE Web Admin
You can protect communications between SAE Web Admin and a client browser by configuring Secure HyperText Transfer Protocol (https) for the Web application. The SDX software uses secure sockets layer (SSL) for https connections. To use SSL, you must obtain an authorized site certificate. The SDX software provides a dummy security certificate that you must replace with a real one. You can obtain a signed certificate from a certificate authority (CA).
To remove the dummy certificate and create a site certificate:
- Access the SAE installation directory.
- Remove the dummy certificate.
- Generate a new self-signed certificate by using keytool; for example:
cd /opt/UMC/sae
rm -f lib/jetty/saeKeystore
/opt/UMC/jre/bin/keytool -genkey -keyalg RSA -keystore
lib/jetty/saeKeystore -keypass saejetty -storepass saejetty -alias sae -dname
<DN> -validity 365
- Use the values specified for the -keystore, -keypass, -storepass, and -alias arguments.
- Replace <DN> with the distinguished name that identifies your HTTPS server. For example, if XYM Corp in Canada has an HTTPS server with a hostname of ssp1.domain.org, then the DN might be:
"cn=ssp1.domain.org, o=XYM Corp, c=CA"
http://java.sun.com/j2se/1.4.1/docs/tooldocs/solaris/keytool.html
 |
- Create a certificate signing request (CSR).
/opt/UMC/jre/bin/keytool -certreq -alias sae -file server.csr -keypass saejetty
-keystore lib/jetty/saeKeystore -storepass saejetty
The command creates a CSR and places it in the server.csr file.
- Send the CSR from the file /opt/UMC/sae/server.csr for signing to a certificate authority (CA), such as one of the following commonly used authorities:
The CA authenticates you and returns a certificate, signed by them, that authenticates your public key.