AnsweredAssumed Answered

Enabling SSL for SiteMinder AdminUI-12.7

Question asked by Naveen007 on Oct 9, 2017
Latest reply on Nov 9, 2017 by brida02

Hello All,

 

Can someone please let me know, how to enable ssl to siteminder adminui -12.7?

 

Here are the steps that i followed to enable ssl to siteminder adminui -12.52 SP1 CR06

1) created a keystore with name adminui.keystore and added our organizational certs to the adminui.keystore

2) copied adminui.keystore to location (/opt/SiteMinder/siteminder/adminui/server/default/conf)

3) modified keystore location and password in run.conf under location /opt/SiteMinder/siteminder/adminui/bin like this:

JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStore=$JBOSS_HOME/server/default/conf/adminui.keystore"

JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStorePassword=xxxxxxx"

4)modified parameters like keystorefile, keystorepass, and port on server.xml under location (/opt/SiteMinder/siteminder/adminui/server/default/deploy/jbossweb.sar) like this:

 

<Connector URIEncoding="UTF-8" acceptCount="100" address="${jboss.bind.address}" connectionTimeout="20000" emptySessionPath="true" enableLookups="false" maxHttpHeaderSize="10240" maxPostSize="0" port="8443" protocol="HTTP/1.1" redirectPort="8443"/>

<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" address="${jboss.bind.address}" ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA" connectionTimeout="20000" emptySessionPath="true" enableLookups="true" keyAlias="adminui" keystoreFile="/opt/SiteMinder/siteminder/adminui/server/default/conf/adminui.keystore" keystorePass="xxxx" keystoreType="jks" maxHttpHeaderSize="10240" maxPostSize="0" maxSpareThreads="75" minSpareThreads="5" port="8443" protocol="HTTP/1.1" scheme="https" secure="true"/>

 

Here is the documentation that is been shared by CA Support Engineer for 12.52. So I am looking for is there any documentation like this for 12.7? Because i see there are lot of changes in the file naming and directory structures on 12.7

 

How to obtain and import a Trusted Certificate into the CA Single Sign-On Administrative UI 

 

Thanks,

Naveen

Outcomes