Configuring one-way SSL authentication between HCL Commerce and Sterling Order Management agent server

Use the following information to configure one-way SSL authentication between HCL Commerce and Sterling Order Management by adding the HCL Commerce client certificate to the Sterling Order Management agent server.

Procedure

  1. Create and extract the HCL Commerce client certificate.

    For your development environment by using the Integrated Solutions console:

    1. Log on to the Integrated Solutions console, and go to Security > SSL certificate and key management > Key stores and certificates.
    2. Click NodeDefaultKeyStore.
    3. Under Personal certificates, select Default.
    4. Create a self-signed certificate with the following details:

      Set the alias as wcclient, and set the common name as WCIntegrationUser.

    5. Click Extract. Fill in the certificate file name (for example, c:/temp/wcclient.cer) and click OK.
    6. Go to SSL certificate and key management > Dynamic outbound endpoint SSL configurations.
    7. Add the following connection information: *,$sterling.hostname,*, where you replace $sterling.hostname with your own Sterling server host name.
      For example, samplesterling.cn.ibm.com.
    8. Set the alias as wcclient, which was created in the preceding substeps.

    For your production environment by using Run Engine commands:

    1. Use OpenSSL to generate a private key and certificate.

      For example: openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out wcclient.cer

      Ensure that the Common Name (CN) value is set to WCIntegrationUser.

      The resulting certificate might resemble the following file: onewaycert.zip

    2. Run the command to import the self-signed certificate to the keystore.
      1. Create a sample JSON to save the private key and certificate. Note the following:
        • Copy the private_key and certificate values from the rsa_private.key and wcclient.cer files generated in the previous step.
        • For the issuing_ca value, the certificate must be imported to the trust store. In this case, in a one-way SSL authentication, the value can be null. (Conversely, in a two-way SSL authentication, the certificate from Sterling must be imported to the trust store in HCL Commerce. The value of issuing_ca must be copied from the certificate of Sterling, for example, scserver.cer.)
        • For destination_host, use your Sterling host name. In this task, samplesterling.cn.ibm.com is used.
      2. Put the JSON file in the following directory: SETUP/certs/custom.
      3. Run the following script: updateLocalCerts.sh.
  2. Copy the certificate file to the Sterling Order Management runtime directory, where the agent server runs. For example, /tmp/wcclient.cer.
  3. Import the wcclient.cer file into the local trust store by executing the following keytool -import command:
    
    keytool -import -alias wcclientcert -file /<path_to_file>/wcclient.cer -keystore /<INSTALL_DIR>/jdk/jre/lib/security/cacerts
    
    Where <INSTALL_DIR> is the location where Sterling Order Management is installed.
    Note: The default password is changeit.
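
The production-environment substeps of step 1, scripted as an added example (not HCL's own code): it generates the key pair non-interactively, confirms the CN and that the key belongs to the certificate, and only then writes the JSON. The flat JSON layout, the JSON null for issuing_ca, and the file name sterling-cert.json are assumptions; the field names, the CN, and the sample host name come from this page.

```shell
#!/bin/sh
# Added example. Assumed: flat JSON layout, JSON null for issuing_ca, output file name.
CN="WCIntegrationUser"                  # common name required by the procedure
DEST_HOST="samplesterling.cn.ibm.com"   # sample Sterling host name from this page

# Generate the key pair non-interactively so the CN cannot be mistyped at a prompt.
gen_client_cert() {                     # $1 = working directory
    ( umask 077                         # key and certificate readable by the owner only
      openssl req -newkey rsa:2048 -nodes -keyout "$1/rsa_private.key" \
          -x509 -days 365 -subj "/CN=$CN" -out "$1/wcclient.cer" 2>/dev/null )
}

# Print the subject common name of the certificate in $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the private key ($1) belongs to the certificate ($2).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print a PEM file as a JSON string body: each line break becomes the two characters \n.
pem_json() { awk 'BEGIN { ORS = "\\n" } { sub(/\r$/, ""); print }' "$1"; }

# Write the JSON that is placed in SETUP/certs/custom (layout assumed, see above).
build_cert_json() {                     # $1 = working directory, $2 = output file
    ( umask 077
      printf '{\n  "private_key": "%s",\n  "certificate": "%s",\n  "issuing_ca": null,\n  "destination_host": "%s"\n}\n' \
          "$(pem_json "$1/rsa_private.key")" "$(pem_json "$1/wcclient.cer")" \
          "$DEST_HOST" > "$2" )
}

# Run all steps; refuse to emit JSON for a wrong CN or a mismatched key.
prepare_client_cert() {                 # $1 = working directory
    gen_client_cert "$1" || return 1
    [ "$(cert_cn "$1/wcclient.cer")" = "$CN" ] || { echo "unexpected CN" >&2; return 1; }
    key_matches_cert "$1/rsa_private.key" "$1/wcclient.cer" ||
        { echo "key does not match certificate" >&2; return 1; }
    build_cert_json "$1" "$1/sterling-cert.json"   # hypothetical file name
}

if [ "$#" -gt 0 ]; then prepare_client_cert "$1"; fi
```

The JSON file holds the unencrypted private key, so keep the working directory restricted and delete the working copies once updateLocalCerts.sh has imported them.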