Systemwalker User's Guide - Systemwalker User Management and Single Sign-On

3.2.2 Creating an SSL Environment

To use simple certificates for Systemwalker, use the following procedure to create the certificate environment required for SSL communications.

It is necessary to create the simple certificate environment for Systemwalker only when the following operating modes are used:

Note also that these steps are not required if certificates other than simple certificates for Systemwalker are used, but in this case it is still necessary to prepare certificates beforehand. Refer to "Preparing Certificates" for details on how to prepare certificates.


Use the following procedure to create an environment for simple certificates for Systemwalker.

Note

[Solaris/Linux]

Before executing the command below, specify the installation path to the JDK or JRE in the JAVA_HOME environment variable.

For the Bourne shell or bash

JAVA_HOME=/opt/FJSVawjbk/jdk5;export JAVA_HOME

For the C shell

setenv JAVA_HOME /opt/FJSVawjbk/jdk5

  1. Create a certificate by executing the following command on the Systemwalker Single Sign-On Server.

    scsmakeenv -n <nickname> -v <valday>

    -n <nickname>

    Specify a nickname for the private key. Specify between 1 and 32 characters, where the first character must be an alphanumeric character.

    Note that nicknames that are already being used cannot be specified. Note also that nicknames are not case-sensitive.

    The following characters can be used for nicknames:

    • Alphanumeric characters

    • Symbols (- ( ) [ ] _)

    -v <valday>

    Specify a value between 1 and 7300 days for the validity period of the certificate. The default value is 365 days.

    The certificate cannot be used after the validity period expires. In this case, the certificate will need to be recreated, so it is recommended that the maximum value be specified.

    [Command location]

    | OS | Location |
    |---|---|
    | Windows | <Interstage installation directory>\bin |
    | UNIX | /opt/FJSVisscs/bin |

    [Input items required when the command is executed]

    When this command is first executed, a password must be registered to access the Interstage certificate environment.

    Specify a password using between 6 and 128 characters. The following characters can be used:

    • Alphanumeric characters

    • Symbols (+ , - . / < = > ( ) [ ] _)

    • Spaces

    If this is not the first time this command has been executed, enter the password that was registered previously.

    After the password is entered, the following message will be displayed, prompting for information such as a name and so on.

    Do not omit these items.

    | Message | Input value |
    |---|---|
    | What is your first and last name? | Name. For site certificates, enter the domain name or IP address |
    | What is the name of your organizational unit? | Organizational unit (for example, department name) |
    | What is the name of your organization? | Organization (for example, company name) |
    | What is the name of your City or Locality? | City or locality (for example, city, suburb, town, or village) |
    | What is the name of your State or Province? | State or Province (for Japan, enter the name of the Prefecture) |
    | What is the two-letter country code for this unit? | Country code (ISO3166). For Japan, this is 'jp'. |

    The following characters can be used for input values. However, the country code must be specified using two letters, as specified in ISO3166.

    • Alphanumeric characters

    • Symbols (, - . / : ? ' + = # ; ( ) < >)

    • Spaces
      Any blank spaces specified at the beginning or end of a string will be deleted. Also, the command may not run correctly if multiple spaces are specified consecutively, or if only a blank space is specified.

    Refer to "SSL Environment Setting Commands" in the Interstage Application Server Reference Manual (Command Edition) for details on this command.

    [Execution example]

    • Certificate nickname: SystemwalkerCert

    • Validity period for the certificate: 7300 days

    • Name: AuthServer.fujitsu.com

    • Organizational unit: Systemwalker

    • Organization: Fujitsu Ltd.

    • City/locality: Yokohama

    • State/province: Kanagawa

    • Country code: jp

      > scsmakeenv -n SystemwalkerCert -v 7300
      Password:
      Input X.500 distinguished names.
      What is your first and last name?
      [Unknown]:AuthServer.fujitsu.com
      What is the name of your organizational unit?
      [Unknown]:Systemwalker
      What is the name of your organization?
      [Unknown]:Fujitsu Ltd.
      What is the name of your City or Locality?
      [Unknown]:Yokohama
      What is the name of your State or Province?
      [Unknown]:Kanagawa
      What is the two-letter country code for this unit?
      [Un]:jp
      Is <CN= AuthServer.fujitsu.com, OU=Systemwalker, O=Fujitsu Ltd., L=Yokohama, ST=Kanagawa, C=jp> correct?
      [no]:yes
      SCS: INFO: scs0102: Self-sign certificate was issued

  2. Start the Interstage Management Console.

    Use the following procedure.

    How to start the Interstage Management Console
    1. Start a Web browser and enter the following URL.

      • For communications with SSL encryption

        https://<host name>:<port number>/IsAdmin/

      • For communications without SSL encryption

        http://<host name>:<port number>/IsAdmin/

      <host name>:

      Specify the host name or IP address of the server where the Systemwalker Single Sign-On Server or Interstage Application Server is installed.

      <port number>:

      Specify the port number for the Interstage HTTP Server for the Interstage Management Console.

      The port number for the Interstage HTTP Server is set up when it is installed.

      The default value is 12000.

      Point

      SSL-encrypted communications are selected when Systemwalker Single Sign-On Server or Interstage Application Server is installed.

    2. Enter the user name and password of the user in the Interstage Management Console window, and then click the Login button.

      [Windows]

      Specify a user that belongs to the Administrators group on the local computer.

      [UNIX]

      Specify the root user (superuser) on the local computer.

  3. In the Interstage Management Console window, select System >> Security >> SSL and then click the Create a new SSL Configuration tab.

  4. Specify each item as below, and then click the Create button.

    General Settings

    • Configuration Name

      Specify the SSL configuration name when a new certificate is created. Specify a name that does not conflict with an existing SSL configuration name, using between 1 and 32 of the following characters:

      • Alphanumeric characters

      • Symbols (- ( ) [ ] _)

    • Site Certificate Nickname

      Select the nickname that was specified with the scsmakeenv command in step 1.
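
A pre-flight check for the values entered in step 1, as an added example that is not part of the original guide or of Interstage: it validates the nickname, validity period and distinguished-name answers against the rules documented above before scsmakeenv is run interactively. The function names are hypothetical; nickname uniqueness and the environment password are not checked.

```shell
#!/bin/sh
# Pre-flight validation of scsmakeenv inputs (added example; function names are hypothetical).
# Not checked here: nickname uniqueness (case-insensitive) and the environment password.

valid_nickname() {   # 1-32 chars, first alphanumeric, then alphanumerics or - ( ) [ ] _
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[A-Za-z0-9][]A-Za-z0-9()[_-]{0,31}$'
}

valid_valday() {     # whole number of days, 1..7300 (at most four digits)
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ] && [ "$1" -ge 1 ] && [ "$1" -le 7300 ]
}

valid_dn_value() {   # one answer to an X.500 prompt other than the country code
    # scsmakeenv deletes leading/trailing blanks itself, so validate the trimmed value.
    v=$(printf '%s\n' "$1" | sed 's/^ *//; s/ *$//')
    [ -n "$v" ] || return 1                      # omitted or blank-only answer
    case $v in *"  "*) return 1 ;; esac          # consecutive spaces
    printf '%s\n' "$v" | LC_ALL=C grep -Eq "^[A-Za-z0-9 ,./:?'+=#;()<>-]+\$"
}

valid_country() {    # two letters, e.g. jp
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[A-Za-z]{2}$'
}

preflight() {        # usage: preflight NICK VALDAY CN OU O L ST C
    rc=0
    valid_nickname "$1" || { echo "bad nickname: $1" >&2; rc=1; }
    valid_valday "$2"   || { echo "bad validity period: $2" >&2; rc=1; }
    i=3
    for f in "$3" "$4" "$5" "$6" "$7"; do
        valid_dn_value "$f" || { echo "bad DN value (argument $i): $f" >&2; rc=1; }
        i=$((i + 1))
    done
    valid_country "$8" || { echo "bad country code: $8" >&2; rc=1; }
    return $rc
}

# Values from the guide's execution example.
preflight SystemwalkerCert 7300 AuthServer.fujitsu.com Systemwalker \
    "Fujitsu Ltd." Yokohama Kanagawa jp && echo "inputs OK"
```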