After you install Operation Console, end users get a web-based environment for deploying workflow processes. Security, which involves user names and passwords, is necessary, but these are sent in clear text. I think serving the web console over HTTPS with certificates is the best fit in this case, for an extranet or Internet implementation.
Opalis Operation Console uses JBoss (Java technology inside), so SSL with certificates has to be set up in an unfamiliar environment. The Opalis Administrator Guide has a step-by-step procedure, but it is not useful if you have no previous experience with certificates and Java, so I wrote this post to show some steps that are missing from the Administrator Guide. They are small steps, but I think they are time-saving.
Step 1: Preparing Certificate Authority Environment.
On the domain controller, install IIS (Web Server) first. Don't try to install IIS and the Certificate Authority at the same time, because that causes errors.
[Screenshot: Install Web Server]
Install the Certificate Service.
[Screenshot: Install Authority Service]
[Screenshot: Install Authority Service Root CA]
Type the name of the root CA; systemcenter is the root CA name in my scenario.
Complete the wizard steps.
Click Start | Run and type MMC.
When MMC appears, click add snap-in, find Certificates in the dialog, and click Add.
[Screenshot: Export Root CA from MMC]
Expand Trusted Root Certificate | Certificate, find systemcenter, then right-click and export this certificate to prepare for the next step, Import Certificate.
[Screenshot: Install Authority Service Root CA]
Step 2: Creating a self-signed certificate, submitting the request to the CA, and importing.
On the Opalis server, Java lets you create a self-signed certificate, and we must submit a request for this certificate to the CA.
Create the self-signed certificate from the command line:
Notes: "%JAVA_HOME%" is the Java home directory, by default C:\Program Files\Java\jdk<version>; the quotation marks are needed because of the space in the path. Replace the highlighted name with a name of your own.
Type changeit at the password prompt. You can change the password if you want; in this case I use changeit, the default password, throughout the steps.
For the first and last name, type the FQDN of this Opalis server, in this case opalis.syscenter.org. The other fields can be left blank. Press Enter to use the default password.
[Screenshot: Creating self-signed certificate]
Creating the certificate request file
[Screenshot: Creating certificate request file]
opalis.csr is created in the directory where you run the command. Open opalis.csr with Notepad or WordPad and copy the entire content of the file.
[Screenshot: Open certificate request file]
In Internet Explorer, go to the address of Certificate Web Enrollment, enter the user name and password (Administrator, for example), click Request a certificate, then click Advanced certificate request.
[Screenshot: Submit certificate request file]
Click Submit a certificate request ….. file
[Screenshot: Submit certificate request file]
Paste the content of opalis.csr into the Saved Request text box, choose Web Server in the Template combo box, and click the Submit button at the bottom of the page.
[Screenshot: Submit certificate request file]
Download the certificate in DER format and save the file as opalis.cer.
[Screenshot: Submit certificate request file]
Now we have opalis.cer, and we must import rootca so that opalis.cer can be validated. Copy the rootca file that you exported in Step 1 to the folder where you will run the command line.
[Screenshot: Get rootca file]
Importing the root CA and the certificate
[Screenshot: Import certificate file]
Notes: you must import rootca first, and choose yes to import this certificate. If you don't import rootca, an error appears warning that the chain cannot be established from the reply.
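The keytool sequence for Step 2 as a batch file. This is an added example, not the commands from the original post's screenshots: the alias opalis, the keystore name opalis.keystore and the root CA file name rootca.cer are assumed names, while opalis.csr and opalis.cer are the file names used in the post.

```bat
@echo off
rem Added example. Assumed names: alias "opalis", keystore opalis.keystore,
rem root CA export rootca.cer. Run it once before and once after the CA visit.
rem keytool asks for the keystore password on every command (changeit in the post).
setlocal
set KEYTOOL="%JAVA_HOME%\bin\keytool"
set KS=opalis.keystore

rem Second run: the CA reply is already in this folder, go straight to the imports.
if exist opalis.cer goto import

rem 1. Key pair plus self-signed certificate. At "first and last name" enter
rem    the server FQDN (opalis.syscenter.org in the post); it becomes the CN
rem    that browsers compare with the host name in the URL.
%KEYTOOL% -genkey -alias opalis -keyalg RSA -keysize 2048 -keystore %KS%
if errorlevel 1 exit /b 1

rem 2. Certificate signing request for that key pair.
%KEYTOOL% -certreq -alias opalis -file opalis.csr -keystore %KS%
if errorlevel 1 exit /b 1

echo Submit opalis.csr to the CA, save the reply as opalis.cer, then run this script again.
exit /b 0

:import
rem 3. Root CA first, answering yes at the trust prompt. Without it, step 4
rem    stops with "Failed to establish chain from reply".
%KEYTOOL% -import -trustcacerts -alias rootca -file rootca.cer -keystore %KS%
if errorlevel 1 exit /b 1

rem 4. CA reply, imported under the SAME alias as the key pair so that it
rem    replaces the self-signed certificate instead of adding a new entry.
%KEYTOOL% -import -alias opalis -file opalis.cer -keystore %KS%
if errorlevel 1 exit /b 1

rem 5. Check the result: with a root CA that signs the server certificate
rem    directly, the entry should report "Certificate chain length: 2".
rem    A length of 1 means the keystore still holds only the self-signed one.
%KEYTOOL% -list -v -alias opalis -keystore %KS%
```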
Step 3: Change the JBoss configuration files.
Open the Operation Console folder (e:\jboss\jboss-4.2.3-GA, for example) and navigate to server.xml in Operation Console Folder | server | default | deploy | jboss-web.deployer.
Find the HTTPS protocol section and modify the file content like this:
[Screenshot: Configure server.xml]
Copy the server folder from Operation Console folder | offline | protocol | https to the Operation Console folder.
Modify the application.xml file located at Operator Console Folder | server | default | deploy | OpsConsoleApp-1.0.ear | META-INF | application.xml by changing
<module><ejb>OpConsoleWebService-1.0.jar</ejb></module> to <module><ejb>OpConsoleWebServiceSSL-1.0.jar</ejb></module>
[Screenshot: Configure application.xml]
Modify the security-constraint section of the Operator Console Folder | server | default | deploy | OpConsoleWebServiceBridge-1.0.war | WEB-INF | web.xml file to the following:
After that, restart JBoss with run.bat from Jboss\Jboss-4.2.3-GA\bin to load the new server.xml.
Step 4: Test
In Internet Explorer, go to https://localhost:8443 to test.
[Screenshot: Test HTTPS]