Use the following information to configure one-way SSL authentication between HCL Commerce and Sterling Order Management by adding the HCL Commerce client certificate to the Sterling Order Management agent server.
Procedure
- Create and extract the HCL Commerce client certificate.
  For your development environment by using the Integrated Solutions console:
  - Log on to the Integrated Solutions console, and go to .
  - Click NodeDefaultKeyStore.
  - Under Personal certificates, select Default.
  - Create a self-signed certificate with the following details: Set the alias as wcclient, and set the common name as WCIntegrationUser.
  - Click Extract. Fill in the certificate file name (for example, c:/temp/wcclient.cer) and click OK.
  - Go to .
  - Add the following connection information: *,$sterling.hostname,*, where you replace the value with your own Sterling server host name. For example, samplesterling.cn.ibm.com.
  - Set the alias as wcclient, which was created in the preceding substeps.
  For your production environment by using Run Engine commands:
  - Use OpenSSL to generate a private key and certificate. For example:
    openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out wcclient.cer
    Ensure that the Common Name (CN) value is set to WCIntegrationUser.
    The resulting certificate might represent the following file: onewaycert.zip
  - Run the command to import the self-signed certificate to the keystore.
    - Create a sample JSON to save the private key and certificate. Note the following:
      - Copy the private_key and certificate values from the rsa_private.key and cert.crt values generated in the previous step.
      - For the issuing_ca value, the certificate must be imported to the trust store. In this case, in a one-way SSL authentication, the value can be null. (Conversely, in a two-way SSL authentication, the certificate from Sterling must be imported to the trust store in HCL Commerce. The value of issuing_ca must be copied from the certificate of Sterling. For example: scserver.cer).
      - For destination_host, use your Sterling host name value. For example, in this task, samplesterling.cn.ibm.com is used.
    - Put the JSON file in the following directory: SETUP/certs/custom.
    - Run the following script: updateLocalCerts.sh.
- Copy the certificate file to the Sterling Order Management runtime directory, where the agent server runs. For example, /tmp/wcclient.cer.
- Import the wcclient.cer file into the local trust store by running the following keytool -import command:
  keytool -import -alias wcclientcert -file /path/to/file/wcclient.cer -keystore /<INSTALL_DIR>/jdk/jre/lib/security/cacerts
  Where <INSTALL_DIR> is the location where Sterling Order Management is installed.
Note: The default password is changeit.
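Because the certificate is self-signed, importing it into cacerts makes the file itself the trust anchor, so it is worth confirming that the copy on the Sterling host is the one generated on the HCL Commerce side before running keytool -import. The script below is an added example, not part of the HCL Commerce or Sterling Order Management documentation; the function names are illustrative, and -subj is the standard openssl req option for setting the CN non-interactively.

```shell
#!/bin/sh
# Added example: pre-import checks for the HCL Commerce client certificate.
# Function names are illustrative and not part of either product.

# Generate the key and self-signed certificate with the same options as the
# openssl command in the procedure, plus -subj so the CN is set without prompts.
gen_client_cert() {   # $1 = private key file, $2 = certificate file
    openssl req -newkey rsa:2048 -nodes -keyout "$1" -x509 -days 365 \
        -subj "/CN=WCIntegrationUser" -out "$2" 2>/dev/null
}

# Print the subject CN of a PEM certificate.
cert_cn() {           # $1 = certificate file
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        tr ',' '\n' | sed -n 's/^.*CN=//p' | head -n 1
}

# Print the SHA-256 fingerprint (colon-separated hex) of a PEM certificate.
cert_sha256() {       # $1 = certificate file
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Return 0 only if the copied certificate is the one that was generated:
# same SHA-256 fingerprint, the expected CN, and not yet expired.
verify_before_import() {   # $1 = copied certificate, $2 = expected fingerprint
    [ "$(cert_sha256 "$1")" = "$2" ] ||
        { echo "fingerprint mismatch: do not import" >&2; return 1; }
    [ "$(cert_cn "$1")" = "WCIntegrationUser" ] ||
        { echo "unexpected CN: do not import" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired: do not import" >&2; return 1; }
}

# Typical use (paths are the examples from the procedure):
#   On the HCL Commerce side:  fp=$(cert_sha256 wcclient.cer)
#   On the Sterling host:      verify_before_import /tmp/wcclient.cer "$fp"
```

After the import, keytool -list -v -alias wcclientcert on the same cacerts file prints the SHA-256 fingerprint of the stored entry, which should match the value recorded on the HCL Commerce side.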