CitiDirect BE SM Java Security Configuration Guide



Similar documents
Oracle Java (8u31) Installation

Practice Fusion API Client Installation Guide for Windows

Enabling Java and ActiveX Settings of Internet Explorer:

HOW TO CONFIGURE PASS-THRU PROXY FOR ORACLE APPLICATIONS

Aladin. There are currently two recommended links for Aladin. Suitable for most users, the default Aladin link is:

Eclipse installation, configuration and operation

Java version 7 update 45 (7u45)

MultiSite Manager. Setup Guide

Citrix and Windows Servers

This walk-through was created using Windows XP as a guide, however alternate versions of the Windows OS will be very similar in procedure as well.

Getting Started using the SQuirreL SQL Client

MultiSite Manager. Setup Guide

Configuring Secure Socket Layer (SSL) for use with BPM 7.5.x

POOSL IDE Installation Manual

BROWSER AND SYSTEM REQUIREMENTS

1) SETUP ANDROID STUDIO

Accessing Restricted University Online Resources Using Network Connect. on the Secure Remote Access Service

Omgeo Central Trade Manager SM

Personal Token Software Installation Guide

Witango Application Server 6. Installation Guide for OS X

Oracle Universal Content Management

Receiver Updater for Windows 4.0 and 3.x

Maple T.A. Beginner's Guide for Instructors

Sentinel Cloud V.3.5 Installation Guide

isupplier PORTAL ACCESS SYSTEM REQUIREMENTS

Supplement I.B: Installing and Configuring JDK 1.6

Installing Communicator on Citrix XenApp and Windows Servers

FAQ: troubleshooting Java for Saba Web Access

new Business Online Technical Troubleshooting Guide

Troubleshooting AVAYA Meeting Exchange

Entrust Certificate Services. Java Code Signing. User Guide. Date of Issue: December Document issue: 2.0

Pervasive SQL 9 Client/Server Installation and Configuration

Charter Business Desktop Security Administrator's Guide

Error Code Quick Reference Guide Updated 01/28/2015

Citrix Introduction and FAQs

ADOBE DRIVE CC ADMINISTRATOR S GUIDE. revision 2

IBM Security QRadar Vulnerability Manager Version User Guide

Easy Setup Guide for the Sony Network Camera

1 Download & Installation Usernames and... Passwords

Shakambaree Technologies Pvt. Ltd.

Nintex Forms 2013 Help

Microsoft Entourage 2008 / Microsoft Exchange Server Installation and Configuration Instructions

USER GUIDE. Snow Inventory Client for Unix Version Release date Document date

Vizit 4.1 Installation Guide

Frequently Asked Questions e-form Filler. e-form Filler

Handle Tool. User Manual

Citrix Mac OS X Guide

Implementing a SAS 9.3 Enterprise BI Server Deployment TS-811. in Microsoft Windows Operating Environments

GX/GP Firmware Upgrade Procedure

How To Configure CU*BASE Encryption

QuickStart Guide for Mobile Device Management. Version 8.6

ComTrader 2.1 Technical Requirements. Version 1.3


UBS KeyLink Quick reference WEB Installation Guide

PC Requirements and Technical Help. Q1. How do I clear the browser s cache?

Application Servers - BEA WebLogic. Installing the Application Server

8x8 Virtual Office Telephony Interface for Salesforce

How to setup and use XViewer & XImpcert

Click Start > Control Panel > System icon to open System Properties dialog box. Click Advanced > Environment Variables.

Accessing the Online Meeting Room (Blackboard Collaborate)

Table of Contents. Oracle/Sun JRE Upgrade Instructions. Verify Hard Disk Space JRE

Oracle Enterprise Single Sign-on Logon Manager Best Practices: Packaging ESSO-LM for Mass Deployment Release E


ThinPoint Quick Start Guide

SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide

Remote Control Tivoli Endpoint Manager - TRC User's Guide

Installing Digital Certificates Using Microsoft Windows 7 And MSIE 8 or MSIE 10

Upgrading Client Security and Policy Manager in 4 easy steps

Introduction to Mobile Access Gateway Installation

Entrust Managed Services PKI Administrator s Quick Start Guide

IEI emerge and Dedicated Micros Digital Video Recorder. Install, Setup, and Integration Guide. Version 3.0 and above

Reference Guide for WebCDM Application 2013 CEICData. All rights reserved.

Using Microsoft Visual Studio API Reference

QuickStart Guide for Managing Mobile Devices. Version 9.2

Witango Application Server 6. Installation Guide for Windows

ABS2020 Moving Airfreight Forward

Portal Instructions for Mac

Copyright 2015 SolarWinds Worldwide, LLC. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified,

Reassigning Key Functions on Elf or Falcon X3 Windows Mobile

Java. How to install the Java Runtime Environment (JRE)

VoIP Infrastructure Upgrade Desktop. User Group March 2014

Operational Insight. Software Change Notice. Revision Date: June 6, 2014 Document ID: OI-SCN Software Update R

QuickStart Guide for Mobile Device Management

Network Connect Installation and Usage Guide

XF Extracellular Flux Analyzer. Installation and Troubleshooting Guide

Dell UPS Local Node Manager USER'S GUIDE EXTENSION FOR MICROSOFT VIRTUAL ARCHITECTURES Dellups.com

LAE 5.1. Windows Server Installation Guide. Version 1.0

Citibank Online Investments. Release News November 9, Treasury and Trade Solutions

IBM WebSphere Application Server V8.5 lab Basic Liberty profile administration using the job manager

1. To ensure the appropriate level of security, you will need Microsoft Windows XP or above.

XenClient Enterprise Synchronizer Installation Guide

Installing Ruby on Windows XP

Installation Guidelines (MySQL database & Archivists Toolkit client)

Cisco AnyConnect Client Installation Guide

BarTender Web Print Server

Important Notes for WinConnect Server VS Software Installation:

Packaging and Deploying Java Projects in Forte

Transcription:

CitiDirect BE SM Java Security Configuration Guide December 2013 Treasury and Trade Solutions

CitiDirect BE Java Security Configuration Guide Table of Contents Table of Contents Introduction...2 Java 6 Versions (1.6 Update XX)...4 Issues with new Java Version Release...2 Appendix A Modify Security Slider to Medium...5 What version of Java do I have?...3 Appendix B Deployment Rule Set Installation...6 Java 7 Versions...4 Java 7 Update 51 (1.7 Update 51)... 4 Appendix C Issue Screenshots after Oracle s release of new version of Java...9 Java 7 Update 45 (1.7 Update 45)... 4 Java 7 Update 40 (1.7 Update 40)... 4 Java 7 Update 10 to Update 25 (1.7 Update 10 to 1.7 Update 25)... 4 Java 7 Update 01 to Update 09 (1.7 Update 01 to 1.7 Update 09)... 4 1

CitiDirect BE Java Security Configuration Guide Introduction Introduction This document is intended for CitiDirect BE SM end users and IT security administrators of CitiDirect BE users. The information below outlines the configurations required on end users computer to facilitate the seamless operation of CitiDirect Services after Oracle s Java 1.7 Update 51 release on January 14, 2014. The required steps, as detailed below, will be dependent on the version of Java presently installed on the end user computer. We strongly recommend upgrading the Java on your workstation to the latest Java version 7 Update 51 as soon as it is released. This version has the latest security fixes and does not require configuration changes to continue to work on CitiDirect Services. Issues with new Java Version Release Whenever Oracle releases a new version of Java for public use, they also change security baselines and configurations that potentially result in CitiDirect BE clients experiencing issues while launching CitiDirect Services or navigating within the CitiDirect Services application. The usual experience is the display of a blank screen while navigating to a specific screen, or JavaScript errors displayed in the CitiDirect Services window. Detailed screenshots are listed in Appendix C. Immediately after the release of Java 1.7 Update 51, all users who use Java 1.7 Update 45, with a security setting of High in the Java Control Panel will be blocked and will experience problems while navigating to CitiDirect Services. If you experience the above, follow the steps outlined below for specific JRE versions, to resolve the issue. 2

CitiDirect BE Java Security Configuration Guide What version of Java do I have? What version of Java do I have? To determine the version of Java currently installed on your computer see the steps below: Open Internet Explorer and go to the following website: http://www.java.com/en/download/installed.jsp?detect=jre If Java is correctly installed, it will display the current Java version on your computer similar to the screenshot below. Based on the Java version installed, select the relevant link from the list below to view the actions required to resolve your issue. Java 1.6 (Version 6 Update XX Any update level) Java 7 Update 01 to Update 09 ( 1.7 Update 01 to 1.7 Update 09) Java 7 Update 10 to Update 25 (1.7 Update 10 to 1.7 Update 25) Java 7 Update 40 (1.7 Update 40) Java 7 Update 45 (1.7 Update 45) Java 7 Update 51 (1.7 Update 51) 3

CitiDirect BE Java Security Configuration Guide Java 7 Versions Java 7 Versions Based on the minor version installed (Update 01 to Update 51), the actions to be taken vary and are listed below: Java 7 Update 51 (1.7 Update 51) This is the latest and most secure version of Java. There are no actions required to continue working with CitiDirect Services. Java 7 Update 45 (1.7 Update 45) Users with Java 7 Update 45 have three options to continue working with CitiDirect Services: a. Upgrade the Java version to Java 7 Update 51 b. Modify the security slider setting in the Control Panel Java to be at Medium level as shown in Appendix A c. Contact your system administrator/network administrator team to install a deployment rule set as detailed in Appendix B Java 7 Update 40 (1.7 Update 40) Users with Java 7 Update 40 have three options to continue working with CitiDirect Services: a. Upgrade the Java version to Java 7 Update 51 b. Modify the security slider setting in Control Panel Java to be at Medium level as shown in Appendix A c. Contact your system administrator/network administrator to install a deployment rule set as detailed in Appendix B Java 7 Update 10 to Update 25 (1.7 Update 10 to 1.7 Update 25) Users with Java 7 Update 10 to Java 7 Update 25 have two options to continue working with CitiDirect Services. a. Upgrade the Java version to Java 7 Update 51 b. Modify the security slider setting in Control Panel Java to be at Medium level as shown in Appendix A Java 7 Update 01 to Update 09 (1.7 Update 01 to 1.7 Update 09) Users with Java 7 Update 01 to Update 09 versions are not required to perform any further actions to work with CitiDirect Services. Java 6 Versions (1.6 Update XX) Users with Java 1.6 versions are not required to perform any further actions to work with CitiDirect Services. 4

CitiDirect BE Java Security Configuration Guide Appendix A Appendix A Modify Security Slider to Medium In your computer, navigate to Control Panel Java. If you are using 32-bit Java in a 64-bit workstation such as Windows 7, navigate to Java settings using Control Panel View 32-bit Control Panel Items Java. Proceed to the Security tab and move the slider to Medium. 5

CitiDirect BE Java Security Configuration Guide Appendix B Appendix B Deployment Rule Set Installation System Administrators: Follow the steps outlined below to create a deployment rule set for your workstation environment. Where is this applicable? Users with Java 1.7 Update 40 and above can utilize the Java Deployment Rule set facility to minimize warnings shown when launching CitiDirect Services. Prerequisites System administrators should digitally sign JAR file and push them (copy) to individual workstations that have Java 1.7 Update 40 and above. More technical information about the steps listed below is available at https://blogs.oracle.com/java-platform-group/entry/ introducing_deployment_rule_sets Sample Steps a. Create Deployment Rule Set JAR. The JAR file includes the ruleset.xml file which contains the CitiDirect BE URLs which are to be trusted by the Java runtime on the user workstation. The contents required in the ruleset.xml file for trusting all URLs of CitiDirect BE is shown below. This data is a sample and system administrators are encouraged to create a similar XML file containing all the trusted URLs used by trusted Java Applets running in the client environment. <ruleset version= 1.0+ > <id location= https://citidirectportal.citidirect.com /> <id location= https://europe.citidirectportal.citidirect.com /> <id location= https://citidirectportalasia.citidirect.com /> <id location= https://citidirectbeportalnam.citidirect.com /> <id location= https://citidirectbeportalemea.citidirect.com /> <id location= https://citidirectbeportalasia.citidirect.com /> <id location= https://citidirect-eb.citcorp.com /> <id location= https://asia.citidirect-eb.citcorp.com /> 6

CitiDirect BE Java Security Configuration Guide Appendix B <id location= https://europe.citidirect-eb.citcorp.com /> <id location= https://us.citidirect.citcorp.com /> <id /><!-- Because this is both blank and shown last, it will be the default policy. --> <action permission= default > <message>access for Applet is blocked. Please contact system administrator.</message> </action> </ruleset> b. Create the xml file in C: drive called ruleset.xml. c. Create a JAR file with this xml file using the commands similar to the following from the command prompt after navigating to C:\ jar -cvf DeploymentRuleSet.jar ruleset.xml d. This creates the following file C:\DeploymentRuleset.jar e. This JAR file should now be digitally signed with a valid certificate procured from a certificate authority. An example command that can be run from the command prompt to sign this JAR with a certificate named testcertstore.jks is shown below: jarsigner -verbose -keystore c:\testcertstore.jks -signedjar DeploymentRuleSet.jar DeploymentRuleSet.jar More details about jarsigner is available at http://docs.oracle.com/javase/6/docs/technotes/tools/windows/jarsigner.html The output of Jar signer is similar to Enter Passphrase for keystore: updating: META-INF/MANIFEST.MF adding: META-INF/mycompanycert.SF adding: META-INF/mycompanycert.RSA signing: ruleset.xml How does my company procure a digital certificate? Digital certificates can be procured from authorities such as Verisign, Thawte www.verisign.com, http://www.entrust.net/sslcert-comparisons.htm f. After creating the signed JAR, desktop administrators should copy the DeploymentRuleSet.jar to the common area so that rules are enforced for all users, across Java updates. That area is: Windows: C:\Windows\Sun\Java\Deployment Mac, Linux, Unix: /etc/.java/deployment 7

CitiDirect BE Java Security Configuration Guide Appendix B g. Successful installation of the deployment rule set can be validated by navigating to Control Panel Java Security. A link named View the active Deployment Rule Set will be available. On clicking, the XML file will be displayed which details the security settings for Java runtime. If the DeploymentRuleset.jar is not correctly copied, this link will not be displayed in the Control panel s security tab. 8

CitiDirect BE Java Security Configuration Guide Appendix C Appendix C Issue Screenshots after Oracle s release of new version of Java CitiDirect BE users will get Javascript errors/alerts while accessing CitiDirect Shortcuts from BE Portal or CitiDirect Services with Java 1.7 versions lower than Java 1.7 Update 51 Error from Shortcut: Error accessing services from CitiDirect Services Menu: Empty screen and Javascript errors similar to below screenshot 9

CitiDirect BE Java Security Configuration Guide Appendix C Root Cause When the 1.7 Update 51 version of Java is released, Oracle updates the security baseline version for 1.7 series JRE to 1.7 Update 51. Due to this change in baseline version, if a user has a 1.7 version of JRE which is below the new security baseline version and has High as security level setting, the Javascript communication with CitiDirect Services is blocked without prompting the user. Additionally, the user is not provided with any option to override this block and prevents the user interface interaction with Java, which prevents the navigation in the screen. For additional information regarding configuration changes to facilitate the Java 1.7 Update 51 release on January 14, 2014, contact your Citi Representative. 10

transactionservices.citi.com 2013 Citibank, N.A. All rights reserved. Citi and Arc Design is a registered service mark of Citigroup Inc. CitiDirect BE is a service mark of Citigroup Inc. 1162740 GTS26319 12/13