Generating Self-Signed Certificates Using the utils.CertGen Utility
16.3.1 Generating Self-Signed Certificates Using the utils.CertGen Utility
The certificates added in this chapter as an example address a configuration where Node Manager listens on a physical host name HOST.mycompany.com and a WebLogic Managed Server listens on a virtual host name VIP.mycompany.com. Whenever a server is using a virtual host name, it is implied that the server can be migrated from one node to another. Consequently, the directory where keystores and trust keystores are maintained ideally must reside on a shared storage that is accessible from the failover. If additional host names are used in the same or different nodes, the steps in this example must be extended to:1. Add the required host names to the certificate stores if they are different from
HOST.mycompany.com and VIP.mycompany.com.2. Change the identity and trust store location information for Node Manager if the
additional host names are used by Node Manager or for the servers if the additional host names are used by Managed Servers. Follow these steps to create self-signed certificates on HOST. These certificates should be created using the network name or alias. For information on using trust CA certificates instead, see Configuring Identity and Trust in Oracle Fusion Middleware Securing Oracle WebLogic Server. The following examples configure certificates for HOST.mycompany.com and VIP.mycompany.com; that is, it is assumed that both a physical host name HOST and a virtual host name VIP are used in HOST. It is also assumed that HOST.mycompany.com is the address used by Node Manager and VIP.mycompany.com is the address used by a Managed Server or the Administration Server. This is the common situation for nodes hosting an Administration Server and a Fusion Middleware component, or for nodes where two Managed Servers coexist with one server listening on the physical host name and one server using a virtual host name which is the case for servers that use migration servers. 1. Set up your environment by running the WL_HOMEserverbinsetWLSEnv.sh script. In the Bourne shell, run the following commands: HOST cd WL_HOMEserverbin HOST .setWLSEnv.sh Verify that the CLASSPATH environment variable is set: HOST echo CLASSPATH 2. Create a user-defined directory for the certificates. For example, create a directory called certs under the ORACLE_BASEadmindomain_ name aserverdomain_name directory. Note that certificates can be shared across WebLogic domains. HOST cd ORACLE_BASEadmindomain_nameaserverdomain_name HOST mkdir certs3. Change directory to the directory that you just created:
Note: The directory where keystores and trust keystores are maintained must be on shared storage that is accessible from all nodes so that when the servers fail over manually or with server migration, the appropriate certificates can be accessed from the failover node. Oracle recommends using central or shared stores for the certificates used for different purposes like SSL set up for HTTP invocations, for example. 16-4 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management HOST cd certs 4. Run the utils.CertGen tool from the user-defined directory to create the certificates for both HOST. mycompany.com and VIP. mycompany.com. Syntax all on a single line: java utils.CertGen Key_Passphrase Cert_File_Name Key_File_Name [export | domestic] [Host_Name] Examples: IDMHOST1 java utils.CertGen Key_Passphrase IDMHOST1.mycompany.com_cert IDMHOST1.mycompany.com_key domestic IDMHOST1.mycompany.com IDMHOST2 java utils.CertGen Key_Passphrase IDMHOST2.mycompany.com_cert IDMHOST2.mycompany.com_key domestic IDMHOST2.mycompany.com IDMHOST2 java utils.CertGen Key_Passphrase ADMVHN.mycompany.com_cert ADMVHN.mycompany.com_key domestic ADMVHN.mycompany.com16.3.2 Creating an Identity Keystore Using the utils.ImportPrivateKey Utility
Parts
» Oracle Fusion Middleware Online Documentation Library
» What is an Enterprise Deployment? Terminology
» Understanding the Directory Tier
» Architecture Notes Understanding the Application Tier
» Architecture Notes Security Provisions
» Using This Guide Oracle Fusion Middleware Online Documentation Library
» Hardware Resource Planning Oracle Fusion Middleware Online Documentation Library
» Load Balancers Network Prerequisites
» Configuring Virtual Server Names and Ports on the Load Balancer
» Virtual IP Addresses Managing Oracle Fusion Middleware Component Connections
» Firewall and Port Configuration
» Directory Structure Terminology and Environment Variables
» Recommended Locations for the Different Directories
» WebLogic Domain Considerations Real Application Clusters
» Creating Database Services for 11.2.x Databases Database Tuning
» RCU Example Executing the Repository Creation Utility
» Introduction Using this Guide Software Installation Summary
» Installation Installing Oracle HTTP Server
» Installing Oracle Fusion Middleware Components Installing Oracle Fusion Middleware Home
» Installing JRockit Installing Oracle Identity Management
» Upgrading the Oracle Homes for Oracle Identity Management from 11.1.1.2 to 11.1.1.5
» Installing the Oracle SOA Suite
» Installing Oracle Identity and Access Management
» Validating the Installation Backing up the Web Tier Configuration
» Enabling ADMINVHN on IDMHOST1 Running the Configuration Wizard on IDMHOST1 to Create a Domain
» Failing over the Administration Server to IDMHOST2
» Failing the Administration Server Back to IDMHOST1
» Configuring the First Oracle Internet Directory Instance
» Configuring an Additional Oracle Internet Directory Instance
» Registering Oracle Internet Directory with the WebLogic Server Domain
» Extending the Oracle WebLogic Domain with Oracle Directory Integration Platform and ODSM
» Installing and Configuring Oracle Directory Integration Platform and ODSM on IDMHOST2
» Provisioning the Managed Servers in the Managed Server Directory
» Validating Oracle Directory Services Manager Validating Oracle Directory Integration Platform
» Backing Up the Application Tier Configuration
» Configuring the First Oracle Virtual Directory Instance
» Configuring an Additional Oracle Virtual Directory
» Registering Oracle Virtual Directory with the Oracle WebLogic Server Domain
» Creating Policy Store Users and the Policy Container
» Reassociating the Policy and Credential Store
» Extending Directory Schema for Oracle Access Manager
» Creating Users and Groups for Oracle Access Manager
» Creating Users and Groups for Oracle Adaptive Access Manager
» Creating Users and Groups for Oracle Identity Manager
» Creating Users and Groups for Oracle WebLogic Server
» Creating Access Control Lists in Non-Oracle Internet Directory Directories
» Extending Domain with Oracle Access Manager
» Removing IDM Domain Agent Propagating the Domain Changes to the Managed Server Domain Directory
» Changing Oracle Access Manager Security Model
» Configuring Oracle Access Manager by Using the IDM Automation Tool
» Adding the oamadmin Account to Access System Administrators Validating Oracle Access Manager
» Setting up Keystore with the SSL Certificate and Private Key file of the Access Client
» Extending Domain for Oracle Adaptive Access Manager
» Prerequisites Loading Oracle Adaptive Access Manager Seed Data
» Backing Up the Application Tier Configuration Backing Up the Application Tier Configuration
» Prerequisites Enabling Virtual IP Addresses on OIMHOST1 and OIMHOST2
» Extending the Domain to Configure Oracle Identity Manager and Oracle SOA Suite on IDMHOST1
» Propagating the Oracle Identity Manager and SOA Managed Servers to OIMHOST1 and OIMHOST2
» Prerequisites Configuring Oracle Identity Manager to Work with the Oracle Web Tier
» Configuring an IT Resource Instance for Email
» Creating and Importing New Rules
» Tuning Oracle Platform Security Backing Up the Application Tier Configuration
» Prerequisites Oracle Fusion Middleware Online Documentation Library
» Configuring Oracle Identity Federation on OIFHOST1
» Configuring Oracle Identity Federation on OIFHOST2
» Provisioning the Managed Servers on the Local Disk
» Validating Oracle Identity Federation Backing Up the Application Tier Configuration
» Generating Self-Signed Certificates Using the utils.CertGen Utility
» Configuring Node Manager to Use the Custom Keystores
» Starting Node Manager Configuring Managed WebLogic Servers to Use the Custom Keystores
» Configuring Server Migration Targets Click the Migration tab.
» Updating Existing LDAP Users with Required Object Classes
» Integrating Oracle Access Manager with Oracle Identity Manager by Using idmConfigTool
» Updating Oracle Virtual Directory Authenticator Manually Creating CSF Keys
» Managing the Password of the xelsysadm User Validating Integration
» Validating Oracle Adaptive Access Manager
» Prerequisites Creating Oracle Directory Authenticator
» On the Configure Web Server screen, click Yes to automatically update the web
» Validating WebGate Validating the Oracle Access Manager Single Sign-On Setup
» Monitoring Oracle Virtual Directory
» Monitoring Oracle Directory Integration Platform
» Scaling Up the Directory Tier
» Click the SSL tab. Click Advanced. Set Hostname Verification to None. Click Save.
» Click Save. Oracle Fusion Middleware Online Documentation Library
» Patching an Oracle Fusion Middleware Source File Patching Identity Management Components
» Troubleshooting Oracle Internet Directory
» Troubleshooting Oracle Virtual Directory
» Troubleshooting Oracle Directory Integration Platform
» Troubleshooting Oracle Directory Services Manager
Show more