Configuring Certificate Password Phrase For the GWWS Servers

1.1.9.4 Configuring Certificate Password Phrase For the GWWS Servers

Configuring a security password phrase is required when setting up certificates for SALT. The certificates setting is desired when the GWWS servers enable TLS link-level encryption and/or Web Service Security X.509 Token and signature features. The certificate private key file must be created and encrypted with a password phrase.

When GWWS servers are specified with certificate-related features, they are required to read the private key file and decrypt it using the password phrase. To configure a password phrase for each GWWS server, the keywords SEC_PRINCIPAL_NAME and SEC_PRINCIPAL_PASSVAR must be specified under each desired GWWS server entry in the *SERVERS section. During compiling the UBBCONFIG file with tmloadcf, the administrator must type the password phrase, which can be used to decrypt the private key file correctly.

Note:

Only one private key file can be specified in the SALT deployment file. All the GWWS servers defined in the SALT deployment file must be provided the same password phrase for the private key file decryption.

The example shows a segment of the UBBCONFIG file that defines a security password phrase for the GWWS servers.

Example 1-33 Security Password Phrase Defined in the UBBCONFIG File For the GWWS Servers

......
*SERVERS
GWWS SRVGRP=GROUP1 SRVID=10
     SEC_PRINCIPAL_NAME="gwws_certkey"
     SEC_PRINCIPAL_VAR="gwws_certkey"
     CLOPT="-A -- –i GW1"
GWWS SRVGRP=GROUP1 SRVID=11
     SEC_PRINCIPAL_NAME="gwws_certkey"
     SEC_PRINCIPAL_PASSVAR="gwws_certkey"
     CLOPT="-A -- –i GW2"
......

For more information, see UBBCONFIG(5) in the Oracle Tuxedo documentation

Parent topic: Configuring the UBBCONFIG File for SALT