Configuring the JBoss server to use SSL for Documentum DFS

To be compliant with the customer's security rule, I had to configure SSL for a JBoss application server that holds the Documentum Foundation Services (DFS). I used the following procedure:

 

1. Generate a keystore

Change to a temporary location, e.g. /var/tmp/SSL:

keytool -genkey -dname "cn=dms.test.org, ou=DEV, o=NICE, l=Delemont, s=Switzerland, c=CH" -keyalg "rsa" -validity 730 -alias tomcat -keysize 2048 -keystore dfs.keystore
Enter keystore password:  xxxx
Enter key password for <tomcat>
        (RETURN if same as keystore password): xxxx

Important:

  • always use tomcat for the alias
  • enter a validity value, otherwise it will be 90 days

Warning: Due to the Bugzilla issue 38217, the keystore password and the key password have to be the same!

 

2. Create a Certificate request

keytool -certreq -alias tomcat -file jbossDfs.csr -keystore dfs.keystore
Enter keystore password:  xxxx
Enter key password for <tomcat>  xxxx

 

3. Send the jbossDfs.csr file to the service that will sign the certificate

In our case, the customer has its own CA system and will return the signed certificate plus the trusted chain composed of root.cer and user.cer.

 

4. Import the certificates

Once all needed certificates are delivered, they can be imported into the keystore. Import the chain certificates first, then the signed certificate.


4.1 Import the root certificate

keytool -import -alias cert1 -file root.cer -keystore dfs.keystore
Enter keystore password:  xxxx
Owner: CN=....
Issuer: CN=....
Serial number: .....
Valid from: Mon Feb 04 09:23:02 CET 2013 until: Wed Feb 04 09:33:01 CET 2037
Certificate fingerprints:
         MD5:  94:40:.....
         SHA1: D0:10:....
Trust this certificate? [no]:  yes
Certificate was added to keystore


4.2 Import the user certificate

keytool -import -alias cert2 -file user.cer -keystore dfs.keystore
Enter keystore password:  xxxx
Certificate was added to keystore

 

4.3 Import the signed certificate

keytool -import -trustcacerts -alias tomcat -file jbossDfs.cer -keystore dfs.keystore
Enter keystore password:  xxxx
Enter key password for <tomcat>  xxxx
Certificate reply was installed in keystore
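
A check that step 4.3 really replaced the self-signed certificate under the tomcat alias, added here as an example and not part of the original post. It parses English-locale `keytool -list -v` output, assuming the entry-type names printed by Java 6 or later; the function names and the sample listing, including the CA names, are constructed.

```shell
# Added example, not from the original post. Reads `keytool -list -v` output on
# stdin and checks that alias $1 is a key entry carrying a CA-issued chain.
check_keystore_listing() {
    awk -v want="$1" '
        /^Alias name: /               { alias = substr($0, 13); next }
        alias != want                 { next }
        /^Entry type: /               { type = $3 }
        /^Certificate chain length: / { chain = $4 + 0 }
        /^Certificate\[1\]:/          { leaf = 1; next }
        /^Certificate\[[0-9]+\]:/     { leaf = 0 }
        leaf && /^Owner: /            { owner = substr($0, 8) }
        leaf && /^Issuer: /           { issuer = substr($0, 9) }
        END {
            if (type == "") { print "FAIL: alias " want " not found"; exit 2 }
            if (type != "PrivateKeyEntry") { print "FAIL: " want " is " type ", no private key"; exit 3 }
            if (chain < 2 || owner == issuer) { print "FAIL: " want " is still self-signed"; exit 4 }
            print "OK: " want " has a chain of " chain " certificates"
        }'
}

DN="CN=dms.test.org, OU=DEV, O=NICE, L=Delemont, ST=Switzerland, C=CH"

# Constructed, abridged listing (remaining chain certificates omitted).
# $1 = chain length, $2 = issuer of the server certificate.
sample_listing() {
    cat <<EOF
Alias name: cert1
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: $1
Certificate[1]:
Owner: $DN
Issuer: $2
EOF
}

# After step 4.3 the chain is CA-issued; right after step 1 it is self-signed.
sample_listing 3 "CN=Example Issuing CA" | check_keystore_listing tomcat
sample_listing 1 "$DN" | check_keystore_listing tomcat || echo "exit status $?"
```

Against the real keystore: `keytool -list -v -keystore dfs.keystore | check_keystore_listing tomcat`.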

 

5. Update server.xml to activate SSL

cd $DOCUMENTUM_SHARED/jboss4.2.0/server/DctmServer_MethodServer/deploy/jboss-web.deployer/

Update server.xml with vi:

  • uncomment the SSL definition
  • set SSLEnabled from false to true
  • change the default password "changeit" to the one you used to secure the keystore:

maxThreads="150" scheme="https" secure="true"
keystoreFile="${jboss.server.home.dir}/conf/dfs.keystore" keystorePass="xxxx"
clientAuth="false" sslProtocol="TLS" />

 

6. Change the server.xml permission

server.xml now contains the keystore password in clear text. If the group or other users can read the file, change the file permissions so that only the owner can read and write it:

chmod 600 server.xml

 

7. Copy the keystore to the correct location

cp /var/tmp/SSL/dfs.keystore $DOCUMENTUM_SHARED/jboss4.2.0/server/DctmServer_MethodServer/conf/

 

8. Restart the JBoss server

You can check the server.log to see if everything is starting fine.

 

9. Test it

Perform a test using the URL https://dms.test.org:9082/services/core/ObjectService.

The JBoss server should now be ready to handle HTTPS requests!

Please note that the client part is not covered in this post.


Gérard Wisson is Delivery Manager and Senior Consultant at dbi Services. He has more than ten years of experience in Enterprise Content Management (ECM) with Documentum as well as in Oracle WebLogic and Java EE / J2EE infrastructures. He is specialized in ECM infrastructure services such as installation, upgrade, high availability, and administration as well as in Oracle WebLogic services such as installation, configuration, and management. He is very experienced in the monitoring and optimization of Java EE / J2EE infrastructures with Grid/Cloud Control and JVMD. Gérard Wisson is certified Oracle Weblogic Server 11g System Administrator and Oracle Certified Associate. Prior to joining dbi services, Gérard Wisson was Senior Consultant at Solfit in Basel. He holds a diploma in Electrical Engineering from the University of Strasbourg (F). His branch-related experience covers Financial Services / Banking, Chemicals & Pharmaceuticals, etc.
