Managing Keystores, Wallets, and Certificates 8-33 where password is the password for this wallet and subject_dn is the distinguished name of the certificate being deleted. To delete a certificate request or trusted certificate, replace Certificate in the above command with CertificateRequest or TrustedCertificate. 8.4.7.9 Converting a Self-Signed Certificate into a Third-Party Certificate Using Fusion Middleware Control A self-signed certificate residing in a wallet can be converted into a third-party certificate signed by a certificate authority CA. Take these steps to perform the task: 1. From the navigation pane, locate your component instance. 2. Navigate to component_name, the Security, then Wallets. 3. From the list of wallets, select the wallet that contains the self-signed certificate. 4. The Manage Certificates page appears. It contains the list of certificates in the wallet. 5. A new certificate request must be generated for the self-signed certificate that is to be converted. Select the self-signed certificate and click Add Certificate Request. A dialog box appears: 6. Enter the certificate request CR details and click OK. The CR is generated. You can either: ■ Copy and paste the Base64-encoded certificate request to a file. ■ Export it directly to a file with the Export Certificate Request button. 7. Submit the certificate request file to a certificate authority to generate a certificate. This is an offline procedure that you can execute in accordance with your local policy for obtaining certificates. 8. The CA signs the certificate request and generates a certificate. The CA will return you one of the following: ■ A single file containing both the newly generated certificate and its own CA certificate in pkcs7 format Note: The steps are illustrated for use with Oracle Internet Directory, and similar steps are applicable for generating wallets to use with Oracle HTTP Server and Oracle Web Cache. 8-34 Oracle Fusion Middleware Administrators Guide ■ Two files, one containing the newly generated certificate and a second containing its own CA certificate 9. Use Import to import these files into your wallet: ■ If you received a single file from the CA, import it as a trusted certificate, using an alias that matches the alias of the self-signed certificate you are replacing from Step 3. ■ If you received two files: – Import the file containing the CA certificate as a trusted certificate use an alias that is unique in the wallet. – Import the certificate file as a certificate using an alias that matches the alias of the self-signed certificate you are replacing. The CA returned a single file, which is imported as a trusted certificate: 10. After import, the certificate issued by the CA replaces the self-signed certificate.

8.4.7.10 Converting a Self-Signed Certificate into a Third-Party Certificate Using WLST

Follow these steps to convert a self signed certificate to a third-party certificate using WLST: 1. Add a certificate request, for example: addCertificateRequestinst1, oid1, oid, selfsigned, password, subject_dn, key_size 2. Export the certificate request: exportWalletObjectinst1, oid1, oid, selfsigned, password, CertificateRequest, tmp, subject_dn 3. Submit the certificate request tmpbase64.txt to a certificate authority. The CA will return a newly generated certificate and its own certificate, either as one file in PKCS7 format or as two separate files. 4. If you receive a single file from the CA, run the following command importWalletObjectinst1, oid1, oid, selfsigned, password, TrustedChain, tmpcert.txt Note: The order is important: you must import the trusted certificate first, followed by the certificate.