Wednesday, October 25, 2017

How to Enable HTTPS on PowerCenter Admin Console

How to Enable HTTPS on PowerCenter Admin Console

  
11.   Generate a keystore file.

Provide valid values for CN, OU, O, L, S, C when prompted. The value for CN is the host name of the server where PowerCenter is installed. It can be a fully qualified name or just the host name depending on how you access the Administration Console.

[infadev@infadev 9.6.1]$ cd /sbx/informatica/9.6.1/java/jre/bin
[infadev@infadev bin]$ keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -validity 1000 -keystore tomcat.keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Infa
What is the name of your organizational unit?
  [Unknown]:  Infa
What is the name of your organization?
  [Unknown]:  Infa
What is the name of your City or Locality?
  [Unknown]:  Infa
What is the name of your State or Province?
  [Unknown]:  CA
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=Infa, OU=Infa, O=Infa, L=Infa, ST=CA, C=US correct?
  [no]:  Y

Enter key password for
        (RETURN if same as keystore password):
Re-enter new password:
[infadev@infadev bin]$

[infadev@infadev bin]$ ls -ltr tomcat*
-rw-rw-r-- 1 infadev uxa_info_sbx_adm_l 2201 Oct 23 16:39 tomcat.keystore
[infadev@infadev bin]$


22.   View the contents of the keystore:


[infadev@infadev bin]$ keytool -list -v -alias tomcat -keystore tomcat.keystore
Enter keystore password:
Alias name: tomcat
Creation date: Oct 23, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Infa, OU=Infa, O=Infa, L=Infa, ST=CA, C=US
Issuer: CN=Infa, OU=Infa, O=Infa, L=Infa, ST=CA, C=US
Serial number: 111ef740
Valid from: Mon Oct 23 16:39:26 CDT 2017 until: Sun Jul 19 16:39:26 CDT 2020
Certificate fingerprints:
        
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
]
]


33.  Self-signed Certificate

Generate a self-signed certificate using the MD5 algorithm and add it to the keystore. (Note: Enter the password which was provided in step 1 when prompted)


[infadev@infadev bin]$ keytool -selfcert -alias  tomcat -sigalg "SHA256withRSA" -keypass Changeme1 -storepass Changeme1 -validity 365 -dname "CN=Infa, OU=Infa, O=Infa, L=Infa, ST=CA, C=US" -keystore tomcat.keystore


44.  View the contents of the keystore:



[infadev@infadev bin]$ keytool -list -v -alias tomcat -keystore tomcat.keystore
Enter keystore password:
Alias name: tomcat
Creation date: Oct 23, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Infa, OU=Infa, O=Infa, L=Infa, ST=CA, C=US
Issuer: CN=Infa, OU=Infa, O=Infa, L=Infa, ST=CA, C=US
Serial number: 32bc32f8
Valid from: Mon Oct 23 16:47:09 CDT 2017 until: Tue Oct 23 16:47:09 CDT 2018
Certificate fingerprints:
         Version: 3

Extensions:

]
]


Step 5 : Copy the generated keystore file to the INFA_HOME/tomcat/conf directory on the server.

Step 6: Shut down the node process by running infaservice.sh shutdown.

Step 7: CD to the INFA_HOME/server directory, and run the updateGatewayNode command. Please take a backup of the INFA_HOME/isp/config/nodemeta.xml file before running this command.

./infasetup.sh updategatewaynode -da DBHost:1521 -du INFDOM -dp dbpwd -ds infapp -dn Domain_dev -hs 8443 -kf /sbx/informatica/9.6.1/tomcat/conf/tomcat.keystore -kp Changeme1


Step 8: Start Node

Step 9: Log into Admin Console with host:port address -  The page should redirect to the HTTPS URL.