To use simple certificates for Systemwalker, use the following procedure to create the certificate environment required for SSL communications.
It is necessary to create the simple certificate environment for Systemwalker only when the following operating modes are used:
- When the Systemwalker Single Sign-On function is used
- When only the Systemwalker User Management function is used and the Interstage Directory Service is used as the Systemwalker authentication repository
Note also that these steps are not required if certificates other than simple certificates for Systemwalker are used, but in this case it is still necessary to prepare certificates beforehand. Refer to "Preparing Certificates" for details on how to prepare certificates.
Use the following procedure to create an environment for simple certificates for Systemwalker.
Note
[Solaris/Linux]
Before executing the command below, specify the installation path to the JDK or JRE in the JAVA_HOME environment variable.
JAVA_HOME=/opt/FJSVawjbk/jdk5;export JAVA_HOME
setenv JAVA_HOME /opt/FJSVawjbk/jdk5
Create a certificate by executing the following command on the Systemwalker Single Sign-On Server.
scsmakeenv -n <nickname> -v <valday>
For <nickname>, specify a nickname for the private key. Specify between 1 and 32 characters, where the first character must be an alphanumeric character.
Note that nicknames that are already being used cannot be specified. Note also that nicknames are not case-sensitive.
The following characters can be used for nicknames:
- Alphanumeric characters
- Symbols (- ( ) [ ] _)
For <valday>, specify a value between 1 and 7300 days for the validity period of the certificate. The default value is 365 days.
The certificate cannot be used after the validity period expires. In this case, the certificate will need to be recreated, so it is recommended that the maximum value be specified.
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |
UNIX | /opt/FJSVisscs/bin |
[Input items required when the command is executed]
When this command is first executed, a password must be registered to access the Interstage certificate environment.
Specify a password using between 6 and 128 characters. The following characters can be used:
- Alphanumeric characters
- Symbols (+ , - . / < = > ( ) [ ] _)
- Spaces
If this is not the first time this command has been executed, enter the password that was registered previously.
After the password is entered, the following messages will be displayed, prompting for information such as a name.
Do not omit these items.
Message | Input value |
---|---|
What is your first and last name? | Name. For site certificates, enter the domain name or IP address. |
What is the name of your organizational unit? | Organization unit (for example, department name) |
What is the name of your organization? | Organization (for example, company name) |
What is the name of your City or Locality? | City or locality (for example, city, suburb, town, or village) |
What is the name of your State or Province? | State or Province (for Japan, enter the name of the Prefecture) |
What is the two-letter country code for this unit? | Country code (ISO3166). For Japan, this is 'jp'. |
The following characters can be used for input values. However, the country code must be specified using two letters, as specified in ISO3166.
- Alphanumeric characters
- Symbols (, - . / : ? ' + = # ; ( ) < >)
- Spaces
Any blank spaces specified at the beginning or end of a string will be deleted. Also, the command may not run correctly if multiple spaces are specified consecutively, or if only a blank space is specified.
Refer to "SSL Environment Setting Commands" in the Interstage Application Server Reference Manual (Command Edition) for details on this command.
[Execution example]
Certificate nickname: SystemwalkerCert
Validity period for the certificate: 7300 days
Name: AuthServer.fujitsu.com
Organizational unit: Systemwalker
Organization: Fujitsu Ltd.
City/locality: Yokohama
State/province: Kanagawa
Country code: jp
> scsmakeenv -n SystemwalkerCert -v 7300
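The input limits described above, collected into a pre-flight check that can be run before scsmakeenv is invoked. This is an added example, not part of the Systemwalker or Interstage tooling; the function names are hypothetical, and the list of nicknames already in use is assumed to be supplied by the caller.

```shell
#!/bin/sh
# Added example: pre-flight checks for scsmakeenv inputs, using the limits
# stated on this page. All function names here are hypothetical.

# matches VALUE REGEX: POSIX ERE match on a single-line value, C locale.
matches() {
    case $1 in *"
"*) return 1 ;; esac   # reject values with embedded newlines
    printf '%s\n' "$1" | LC_ALL=C grep -Eq -- "$2"
}

# -n: 1-32 chars, first alphanumeric, then alphanumerics or - ( ) [ ] _
valid_nickname() { matches "$1" '^[A-Za-z0-9][]A-Za-z0-9()[_-]{0,31}$'; }

# Nicknames are not case-sensitive, so compare lower-cased against the
# nicknames already in use (assumed to be passed in as $2 onwards).
nickname_free() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
    for used in "$@"; do
        [ "$(printf '%s' "$used" | tr 'A-Z' 'a-z')" = "$want" ] && return 1
    done
    return 0
}

# -v: whole number of days between 1 and 7300
valid_valday() { matches "$1" '^[1-9][0-9]{0,3}$' && [ "$1" -le 7300 ]; }

# Password: 6-128 chars: alphanumerics, + , - . / < = > ( ) [ ] _ and space
valid_password() { matches "$1" '^[]A-Za-z0-9+,./<=>()[_ -]{6,128}$'; }

# Prompt answers: allowed characters only, not blank, no run of spaces
valid_dn_value() {
    matches "$1" "^[A-Za-z0-9,./:?'+=#;()<> -]+$" || return 1
    case $1 in *"  "*) return 1 ;; esac
    matches "$1" '[^ ]'
}

# Country code: exactly two letters
valid_country() { matches "$1" '^[A-Za-z]{2}$'; }

# Values taken from the execution example on this page
valid_nickname "SystemwalkerCert" && valid_valday 7300 &&
    valid_dn_value "AuthServer.fujitsu.com" && valid_dn_value "Fujitsu Ltd." &&
    valid_country "jp" && echo "execution-example inputs OK"
```
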
Start the Interstage Management Console.
Use the following procedure.
Start a Web browser and enter the following URL.
For communications with SSL encryption
https://<host name>:<port number>/IsAdmin/
For communications without SSL encryption
http://<host name>:<port number>/IsAdmin/
For <host name>, specify the host name or IP address of the server where the Systemwalker Single Sign-On Server or Interstage Application Server is installed.
For <port number>, specify the port number for the Interstage HTTP Server for the Interstage Management Console.
The port number for the Interstage HTTP Server is set up when it is installed.
The default value is 12000.
Point
SSL-encrypted communications are selected when Systemwalker Single Sign-On Server or Interstage Application Server is installed.
Enter the user name and password of the user in the Interstage Management Console window, and then click the Login button.
[Windows]
Specify a user that belongs to the Administrators group on the local computer.
[UNIX]
Specify the root user (superuser) on the local computer.
In the Interstage Management Console window, select System >> Security >> SSL and then click the Create a new SSL Configuration tab.
Specify each item as below, and then click the Create button.
General Settings
Configuration Name
Specify the SSL configuration name when a new certificate is created. Specify a name that does not conflict with an existing SSL configuration name, using between 1 and 32 of the following characters:
- Alphanumeric characters
- Symbols (- ( ) [ ] _)
Site Certificate Nickname
Select the nickname that was specified with the scsmakeenv command in step 1.