My Oracle Support Banner

E1: SVM: How to Implement TLS v1.2 for Secure JMX Protocol Communication on Server Manager Console Version 9.2.4.3 and Higher (Doc ID 2723106.1)

Last updated on FEBRUARY 11, 2021

Applies to:

JD Edwards EnterpriseOne Tools - Version 9.2 and later
Information in this document applies to any platform.

Goal

This document explains the procedure to implement TLS v1.2 for secure JMX Protocol communication on Server Manager Console version 9.2.4.3 and higher.

For following the below procedure, we will consider that at least Server Manager Management Console has been installed or upgraded/updated to version 9.2.4.3.

If the TLS v1.2 has been previously used and then the Server Manager Management Console has been upgraded/updated to version 9.2.4.3, then the arguments which have been previously set for embedded agents (Java servers start arguments, or Java arguments set in JDE.INI on Enterprise Servers), or for standalone agents (Windows Service start arguments or arguments set in runAgent script) can be safely deleted as these settings have been copied into the agent.properties file and when the E1 agents are started, the values are used from agent.properties file only. Also, the passwords stored in the agent.properties for identity store, key store and trusted certificates store are now encrypted.

This document is intended to be followed when previously, on Server Manager Management Console the old TLS v1 was used (by re-enabling the 3DES algorithm in java.security file for newer versions of Java), or secure JMX communication protocol was disabled (...usesecurejmx=false in agent.properties).

Also, this document can be used after Server Manager Management Console 9.2.5 or later has been freshly installed and it is required that all the E1 agents to be shown as running in Server Manager Management Console and managed instances to be registered before using the automated TLS configuration described in Doc ID 2749197.1 - Automated TLS/SSL Configuration for Server Manager Console and Agent (Tools Release 9.2.5x and later)

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
 1. Generate the identity keystore
 2. Export the certificate from identity keystore filename 
 3. Import the certificate to the trusted identity store
 4. Alter the agent.properties file of Server Manager Management Console
 5. Alter the agent.properties file on each Managed Home
 6. Restart each E1 agent, each Managed Instance (JAS, Enterprise Server etc.) and the Server Manager Management Console
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.