Previous Topic: Change CA SiteMinder PasswordNext Topic: Synchronize Appliance Dates, Times, and Time Zones

Post DeploymentChange and Update PasswordsChange PasswordChange Password from ApplicationChange CA SiteMinder Password(Application) Reconfigure the SSO

(Application) Reconfigure the SSO

After you change the CA SiteMinder password, reconfigure the SSO.

Follow these steps:

  1. Log in to the OSS-SSO computer as an administrator
  2. Click Start, All Programs, CA, SiteMinder, Secure Proxy Configuration Wizard.
  3. Provide the version number of the Policy server, click Next.
  4. Click Yes, and click Next.
  5. Update the password in the password fields and click Next.
  6. Enter the following values:
    Trusted Host Name

    OSS-SSO2.oss.ca

    Host Configuration Object

    SecureProxySvrHostConfigObj

  7. Enter the policy server IP address, click Next.
  8. Select FIPS Compatibility Mode, click Next.
  9. Enter the following values and click Next:
    File name

    SmHost.conf

    Select a Location

    Select a location as appropriate.

  10. The SSO is reconfigured.

(Application) Regenerate the SSL

After you reconfigure the SSO you regenerate the SSL.

Follow these steps:

  1. Create the server key

    bin\openssl genrsa -des3 -out server.key 1024

  2. Create a self-signed certificate

    bin\openssl req -config bin\openssl.cnf -new -x509 -key keys\server.key -out certs\SPScert.crt

  3. Open the httpd-ssl conf file at ..\httpd\conf\extra\httpd-ssl.conf
  4. Modify or verify that the directives of the server key and certs are correct.
  5. Modify or verify that the value of the SSLPassPhraseDialog variable is custom. If not, set the value to custom.
  6. Mosify or verify that the value of the SSLCustomPropertiesFile variable is <sps_home>\httpd\conf\spsapachessl.properties. If not, set the value.
  7. Change the SSL Cache from shmcb to dbm (uncomment dbm, comment shcm
  8. Save the conf file
  9. Execute the following command from the command prompt: 
    cd ..\httpd\bin
configssl.bat -enable "Austin@123"
cd ..\secure-proxy\ssl
  10. To verify, try the following URLs:

    https://oss-sso/usm/wpf

    https://oss-sso/usm/headers.jsp

    https://oss-sso/CAisd/pdmweb.exe