iSelfSchooling.com  Since 1999     References  |  Search more  | Oracle Syntax  | Free Online Oracle Training

    Home      .Services     Login       Start Learning     Certification      .                 .Share your BELIEF(s)...

 

. Online Accounting        .Copyright & User Agreement   |
    .Vision      .Biography     .Acknowledgement

.Contact Us      .Comments/Suggestions       Email2aFriend    |

 

Online Oracle Training for beginners and advanced - The most comprehensive Oracle tutorial

The authors do not guarantee or take any responsibility for the accuracy, or completeness of the information.

Advanced - Application Server

 

 

 

 

 

 

 

 

Lesson 23

"Most folks are as happy as they make up their minds to be."

-Abraham Lincoln (1809-1865)

How to manage Oracle Certificate Authority Policies

(LESSON 23)

 

In this hands-on, you will learn how to modify the default policy to accept the renewal of an expired certificate until 15 days of expiration.

 

In your browser, go to OCA administration page by using the following URL:

https://<hostname.domain>:4400/oca/admin

 

Click on the “Configuration Management” tab:

 

Click on the “Policy” tab:

 

In the “Policy Rules” page, select Renewals from the drop-down menu “View Policies for.”

 

Now, you should see the “Policy” page for Renewal.  You may see the default renewal policy if the values were not changed.

 

Check the “RenewalRequestConstraint” box and click Edit to edit the properties of this policy. If you have been prompted for certificate, select your OCA administrator certificate.

 

In the “Edit Policy Result: RenewalRequestConstraint” page, edit the values of your policy for the following parameters:

-         Days before expiration date

-         Days after expiration date

-         Duration of renewal (days)

 

Click in the drop-down menu under any fields, and change the values. Then click on the OK button. You may be prompted to select the OCA administrator certificate.

 

Once the OCA displays a confirmation message, you have successfully changed your certificate authority policy.

 

In order your changes get enforce, you should stop and start your OCA server.

 

You may want to set the OCA server to accept only SSL certificate if the key size is above 1024.

 

In your browser, go to OCA administration page by using the following URL:

https://<hostname.domain>:4400/oca/admin

 

Click on the “Configuration Management” tab:

 

Click on the “Policy” tab:

 

In the “Policy Rules” page, select Request from the drop-down menu “View Policies for.”

 

Now, you should see the “Policy Rules” page. Select “RSAKeyConstrints” under Policy name and click the “Edit” icon. You may be prompted to select OCA administrator certificate. Go to the “Predicate Details” section, and the click “Add Another Row” to add another predicate value. Enter value (Usage==”ssl”) into the “Predicate Expression” field. Enter value for the Maximum key size default (bits) and Minimum Key size default (bits) fields.

 

On the “Predicate Details” section, click on the “Reorder” icon to move the Usage==”ssl” predicate above Type==”client” and then click on the “OK” icon.

 

In order your changes get enforce, you should stop and start your OCA server.