How to manage SSL Certificates in OID Oracle Identity Management Infrastructure
LESSON 20
First, do not forget the following important notes, since the OCA operational steps depend on how the Web browser is set up.
To force the browser to prompt before it presents any certificate, make sure that your browser is configured to ask you whenever a client certificate is requested.
- Depending on what type of browser you have, open your browser and set up your browser configuration to ask every time that a new certificate is needed. Otherwise, the browser provides the certificate automatically, which may cause unexpected problems.
- For example, if you have the Mozilla browser, open it and select Edit > Preferences. Then, in the Category pane, expand the Privacy and Security node and select Certificates. In the right pane, the certificate-related information is displayed. In the Client Certificate Selection section, select the Ask Every Time option button. This enables you to select the client certificate as required for a particular operation.
To view the status of the OCA server, and to start or stop it:
Go to the server where you installed your Oracle infrastructure. Make sure that the ORACLE_HOME and ORACLE_SID environment variables are appropriately set. Assuming that you have a Unix OS, do the following.
$ echo $ORACLE_HOME
$ echo $ORACLE_SID
In case these variables are not set, do the following.
$ export ORACLE_HOME=/u01/oracle/myapp
$ export ORACLE_SID=your-instance-name
Change your directory to the $ORACLE_HOME/oca/bin folder.
To check the status of the OCA server, run the following command:
$ ocactl status
You should be prompted to enter your OracleAS Certificate Authority administrator password.
To start the OCA server, run the following command:
$ ocactl start
You should be prompted to enter your OracleAS Certificate Authority administrator password.
To stop the OCA server, run the following command:
$ ocactl stop
You should be prompted to enter your OracleAS Certificate Authority administrator password.
To display all the commands:
$ ocactl help
To display help for a specific command:
$ ocactl help setpasswd
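The steps above all assume that ORACLE_HOME and ORACLE_SID are set and that you are in $ORACLE_HOME/oca/bin before typing an ocactl command. The following wrapper, added here as an example and not part of the lesson or of Oracle's own tooling, checks those preconditions first and only then runs the requested ocactl subcommand, so a missing variable produces a clear message instead of a confusing failure. The function names oca_env_check and oca_run are this example's own.

```shell
#!/bin/sh
# Added example (not from the lesson): guard ocactl invocations so they fail
# early, with a clear message, when the Oracle environment is not set up.

# oca_env_check: verify that ORACLE_HOME and ORACLE_SID are set and that an
# executable ocactl exists under $ORACLE_HOME/oca/bin. Returns 0 when all
# three conditions hold, 1 otherwise (with the reason on stderr).
oca_env_check() {
    if [ -z "${ORACLE_HOME:-}" ]; then
        echo "ORACLE_HOME is not set (e.g. export ORACLE_HOME=/u01/oracle/myapp)" >&2
        return 1
    fi
    if [ -z "${ORACLE_SID:-}" ]; then
        echo "ORACLE_SID is not set (e.g. export ORACLE_SID=your-instance-name)" >&2
        return 1
    fi
    if [ ! -x "$ORACLE_HOME/oca/bin/ocactl" ]; then
        echo "ocactl not found or not executable at $ORACLE_HOME/oca/bin/ocactl" >&2
        return 1
    fi
    return 0
}

# oca_run <subcommand> [args...]: run ocactl (status, start, stop, help ...)
# from its own directory, as the lesson does, but only after the environment
# check passes. The cd happens in a subshell so the caller's directory is kept.
oca_run() {
    oca_env_check || return 1
    ( cd "$ORACLE_HOME/oca/bin" && ./ocactl "$@" )
}

# Usage when run directly, e.g.:  sh oca_run.sh status
if [ -n "${1:-}" ]; then
    oca_run "$@"
fi
```

Because ocactl prompts for the OracleAS Certificate Authority administrator password on its own, the wrapper does not touch the password at all; it only makes sure the command is launched in the right environment.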
After you have started your OCA server, you should be able to access the OCA administration page and enroll for a certificate.
To access the OCA administration page and enroll for a certificate, do the following:
To request an admin certificate from the OCA server, open your browser and type your URL. For example:
https://<host.domain>:<port>/oca/admin
(the default port is 4400)
To find the port, view the portlist.ini file in the $ORACLE_HOME/install directory.
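Rather than reading portlist.ini by eye, the port can be pulled out of it and the administration URL assembled in the shell. The script below is an added example, not part of the lesson and not an Oracle utility; the label it searches for ("Oracle Certificate Authority") and the sample portlist.ini it embeds are assumptions constructed for the example, so adjust OCA_PORT_LABEL to match the wording of the OCA line in your own file. When no matching line is found it falls back to 4400, the default the lesson states, and says so on stderr.

```shell
#!/bin/sh
# Added example (not from the lesson): read the OCA port out of
# $ORACLE_HOME/install/portlist.ini and build the https admin URL.

# Assumed label of the OCA entry in portlist.ini; change it if your file
# words the line differently.
OCA_PORT_LABEL="Oracle Certificate Authority"

# oca_port <portlist.ini>: print the port number from the first line whose
# label contains $OCA_PORT_LABEL (case-insensitive). If there is no such line
# (or the file is missing), warn on stderr and print the lesson's default 4400.
oca_port() {
    port=$(grep -i "$OCA_PORT_LABEL" "$1" 2>/dev/null \
        | sed -n 's/.*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -z "$port" ]; then
        echo "no '$OCA_PORT_LABEL' entry in $1, assuming default port 4400" >&2
        port=4400
    fi
    echo "$port"
}

# oca_admin_url <host.domain> [portlist.ini]: print https://host:port/oca/admin.
# The ini path defaults to $ORACLE_HOME/install/portlist.ini as in the lesson.
oca_admin_url() {
    host="$1"
    ini="${2:-${ORACLE_HOME:-}/install/portlist.ini}"
    echo "https://$host:$(oca_port "$ini")/oca/admin"
}

# Constructed sample portlist.ini so the script can be run stand-alone;
# the entries and values are invented for this example.
sample_portlist() {
    cat <<'EOF'
[System]
Host Name = oidhost.example.com

[Ports]
Oracle HTTP Server port = 7777
Oracle HTTP Server listen port = 7778
Oracle Certificate Authority SSL Server Authentication port = 4400
Oracle Internet Directory port = 389
Oracle Internet Directory (SSL) port = 636
EOF
}

# Stand-alone run: write the sample file, resolve the URL, clean up.
tmp_ini=$(mktemp)
sample_portlist > "$tmp_ini"
oca_admin_url oidhost.example.com "$tmp_ini"
rm -f "$tmp_ini"
```

On a real installation call oca_admin_url with your host name only; it then reads $ORACLE_HOME/install/portlist.ini. If your portlist.ini lists more than one OCA port, the first match wins, so narrow OCA_PORT_LABEL to the exact line you want.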
As you notice, we are using https (secure sockets). Therefore, the OCA server sends its certificate to the browser. Click OK to accept the certificate, and in the “Certificate Authority” page enroll for a certificate by entering the detailed information for the certificate. Make sure that you enter the OCA administrator password, and then click Submit. Also, make your Certificate Key Size large enough, with a reasonable Validity Period.
Once you receive the Approved Certificate Information page, click the “Import to Browser” icon to import the certificate into the browser. From now on, you may want to use this certificate when you connect to the OCA administration page.
After you import the certificate, click the “Administration Home” icon next to the “Import to Browser” icon to display the OCA administration pages.
In the “User Identification Request” page, you get a message that your server requested that you identify yourself with a certificate. Select the certificate you just imported into the browser, and then click OK.