Using the ACSLS GUI
- Install the Latest JRE Version on GUI Client Systems
- Accessing the ACSLS GUI
- ACSLS GUI Certificates
- SCI Certificate
- ACS Wallet
Note:
Make sure the latest version of the Java Runtime Environment (JRE) is installed on the systems that will use the ACSLS GUI to access ACSLS.ACSLS GUI Certificates
This section describes creating a GUI certificate for ACSLS which is used by Weblogic. This is different and not to be confused with SCI certificates which are described in a different section. The AcslsDomain in WebLogic is accessed using the secure protocol, https. This protocol uses encrypted communication between browser and server using private keys and digital certificates. The following sections describe the options to obtain and create a GUI certificate:
GUI ACSLS Demo Certificate
ACSLS/Weblogic ships with a so-called 'demo' certificate. This provides a minimal level of encryption security, but is insufficient for most needs today. This certificate is overwritten during installation of ACSLS by an automatically generated certificate. Refer to the section below for more information on the GUI generated certificate.
GUI Auto-Generated Certificate
During the ./install.sh phase of the ACSLS installation, a GUI certificate is automatically generated and installed into Weblogic that is specific to your ACSLS server. This certificate has a 2048 bit key and is self-signed. This generated certificate provides a better level of encryption and security than the default demo certificate, as described in the section above. The GUI generated certificate is also valid for 1824 days.
Most browsers will accept the certificate, however they may present warnings which will require users to accept an exception because the certificates are self-signed. See "GUI Certificates Signed by a Third Party Signing Authority" below for a higher level of security certificates which are not self -signed.
If a customer wishes to re-generate a GUI self-signed certificate and have it automatically installed, simply re-run ./install.sh on the ACSLS server and respond y when asked to re-generate the certificates.You can also use this procedure to re-generate a GUI certificate if it expires.
Note:
./install.sh will re-install weblogic when re-generating and re-installing certificates for the GUI.
Manually Configure a Self-Signed GUI Certificate
The ACSLS Installation Guide describes an optional, manual method of creating and installing a customized GUI self-signed certificate. The guide provides a step-by-step method for ACSLS administrators to configure a self-signed digital certificate that is 2048 bits in length. In the section entitled 'Configuring an SSL Encryption Key', this method provides a certificate that is supported on all browsers. Users who access an https site with a self-signed certificate are advised not to proceed with the site unless they have personal knowledge that the web resource is a trusted site. In the context of ACSLS users and the library control server, this level of trust is usually well understood, and in most cases, there is no need for the site to prove its integrity using third-party signature verification. You must use the acs_cert_wallet utility to store the GUI certificate password in this case.
GUI Certificates Signed by a Third Party Signing Authority
Each customer must determine whether they need to provide certificate authentication by a third-party signing authority such as Verisign or Entrust.net. The procedure for generating such a signed digital certificate is described in the Oracle online document, Configuring Identity and Trust at:
http://docs.oracle.com/cd/E13222_01/wls/docs92/secmanage/identity_trust.html