The way how to configure OpenSSL to be CA and sign certificate requests acceptable by Oracle Application Server [SOLUTION]
- From: "Jurijs Velikanovs" <j.velikanovs@xxxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx
- Date: Fri, 21 Apr 2006 19:55:30 +0100
Hello List,
I have found that it isn't obvious how to configure openssl in the way
acceptable by Oracle Application Server (Imported in to a Wallet).
Default OpenSSL configuration doesn't work.
I decided to publish that information because believe it can be used
by somebody else.
It is excellent way to test you SSL enabled configuration for proving
concepts without buying certificates from comercial parties or using
short term trials.
# 1. OPEN SSL Setup CA
mkdir -p $ca/demoCA # $ca any dir where you would like to store CA
cd $ca
echo randomized_string > .rnd
touch demoCA/index.txt
cp $openssl_home/openssl.cnf .
export OPENSSL_CONF=$ca/openssl.cnf
# 2. OPENSSL Create CA
$openssl_home/bin/openssl req -new -x509 -keyout cakey.pem -out
cacert.pem -days 10000
# 3. OWM Generate Wallet + CRequest.csr
# 4. OPENSSL Sign CRequest
export OPENSSL_CONF=$ca/openssl.cnf
$openssl_home/bin/openssl x509 -req -in CRequest.csr -CA cacert.pem
-CAkey cakey.pem -CAcreateserial -days 365 > CRequest.crt
# 5. OWM Import Trusted CT
# 6. OWM Import CRequest.crt
# 7. OWM Save Wallet
# 8. Configure Apache (OHS) as described in Docs or Metalink
PS If you have an issue I be happy to assist. Obviously in my spare time.
Yury
+44 7738 013090 (GMT)
============================================
http://otn.oracle.com/ocm/jvelikanovs.html
--
//www.freelists.org/webpage/oracle-l
Other related posts:
- » The way how to configure OpenSSL to be CA and sign certificate requests acceptable by Oracle Application Server [SOLUTION]
