May 23, 2012

OAS HTTP SSL Certificates using orapki

Quick procedure for adding a signed certificate to the Oracle Wallet used by the HTTP Server in an Oracle Application Server 10g, using the orapki command-line utility instead of the Oracle Wallet Manager GUI (owm):


1. Create Oracle Wallet with auto login:

orapki wallet create -wallet <wallet_name> -auto_login

Where <wallet_name> is the wallet path specified by the SSLWALLET directive in the HTTP server configuration file, usually ORACLE_HOME/Apache/Apache/ssl.conf or OH/ohs/ohs/ssl.conf.

2. Add certificate request to the wallet:

orapki wallet add -wallet <wallet_name> -dn 'CN=<server_name>,C=US' -keysize 2048

Replace <server_name> with the host name the certificate is for, e.g. www.domain.com. The browser will later check that this name matches the one in the URL.

3. Export certificate request:

orapki wallet export -wallet <wallet_name> -dn 'CN=<server_name>,C=US' -request req.txt

4. Get your certificate signed by a Certificate Authority (CA):


    4.1 For production servers, submit the certificate request (req.txt) to a commercial CA; for a fee you will get back your signed certificate and the CA's trusted certificate(s).

    4.2 For test or development servers, a self-signed certificate can be used; you can sign your own certificate request with a root wallet:

        orapki cert create -wallet rootwa -request req.txt -cert ap_cert.txt -validity 3650

    Note that the root wallet (rootwa above) must already exist and contain a root certificate.

5. Add the trusted certificate(s) to the new wallet:

orapki wallet add -wallet <wallet_name> -trusted_cert -cert b64cert.txt

You can obtain b64cert.txt (the Base64-encoded root certificate) from the CA that signed your certificate.

6. Finally, add the signed certificate to the new wallet:

orapki wallet add -wallet <wallet_name> -user_cert -cert cert.txt

To verify that the certificate works for the server name you requested it for, open the main web page using that server name:

https://www.domain.com

The browser should not complain about the certificate, and you can check the certificate details, usually by double-clicking the padlock icon or through the browser's security options, depending on the browser and version.
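The same six steps as a script, added here as an example and not part of the original post, for a test/dev server whose request is signed by a local root wallet (option 4.2). Everything the page does not state is an assumption: the root wallet is assumed to be in ./rootwa, the Base64 root certificate is assumed to be already exported to b64cert.txt, the signed certificate file from step 4.2 (ap_cert.txt) is the one added as the user certificate in step 6, orapki is assumed to be on PATH and is left to prompt for wallet passwords interactively, and www.example.com is a constructed placeholder server name. DRY_RUN=1 prints each orapki command instead of running it, which lets you review the exact invocations before touching a wallet.

```shell
#!/bin/sh
# Added example (not the original post's or Oracle's code): scripts the orapki
# wallet procedure for a dev/test server signed by a local root wallet.
# Assumptions: root wallet in ./rootwa, CA root cert already in b64cert.txt,
# orapki on PATH (it will prompt for passwords). DRY_RUN=1 only prints commands.

set -eu

WALLET="${WALLET:-./wallet}"                   # must match the SSLWALLET directive in ssl.conf
SERVER_NAME="${SERVER_NAME:-www.example.com}"  # constructed placeholder host name
ROOT_WALLET="${ROOT_WALLET:-./rootwa}"         # assumed location of the signing root wallet
DN="CN=${SERVER_NAME},C=US"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# The note under 4.2 applies: the root wallet must already exist.
check_root_wallet() {
    [ -f "$ROOT_WALLET/ewallet.p12" ]
}

# Step 1: wallet with auto login (creates cwallet.sso next to ewallet.p12).
create_wallet() {
    run orapki wallet create -wallet "$WALLET" -auto_login
}

# Step 2: certificate request with a 2048-bit key.
add_request() {
    run orapki wallet add -wallet "$WALLET" -dn "$DN" -keysize 2048
}

# Step 3: export the request for signing.
export_request() {
    run orapki wallet export -wallet "$WALLET" -dn "$DN" -request req.txt
}

# Step 4.2: sign the request with the root wallet (10-year validity, as on the page).
sign_with_root() {
    run orapki cert create -wallet "$ROOT_WALLET" -request req.txt -cert ap_cert.txt -validity 3650
}

# Step 5: trust the root certificate that signed the request.
add_trusted_cert() {
    run orapki wallet add -wallet "$WALLET" -trusted_cert -cert b64cert.txt
}

# Step 6: install the signed certificate as the wallet's user certificate.
add_user_cert() {
    run orapki wallet add -wallet "$WALLET" -user_cert -cert ap_cert.txt
}

# The HTTP server reads cwallet.sso, so both wallet files must exist afterwards.
check_result() {
    [ -f "$WALLET/ewallet.p12" ] && [ -f "$WALLET/cwallet.sso" ]
}

main() {
    if [ "${DRY_RUN:-0}" != "1" ] && ! check_root_wallet; then
        echo "root wallet $ROOT_WALLET not found or has no ewallet.p12" >&2
        return 1
    fi
    create_wallet
    add_request
    export_request
    sign_with_root
    add_trusted_cert
    add_user_cert
    if [ "${DRY_RUN:-0}" != "1" ]; then
        check_result
    fi
}

# Run the procedure only when invoked as "sh script.sh run", so the functions
# can also be sourced individually.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Usage: `DRY_RUN=1 sh script.sh run` to review the commands, then `SERVER_NAME=www.domain.com sh script.sh run` on the server. The script assumes the ssl.conf SSLWALLET value points at the directory given in WALLET.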

More information: 

