
8-34 Oracle Fusion Middleware Administrator's Guide

■ Two files, one containing the newly generated certificate and a second containing its own CA certificate

9. Use Import to import these files into your wallet:

   ■ If you received a single file from the CA, import it as a trusted certificate, using an alias that matches the alias of the self-signed certificate you are replacing (from Step 3).
   ■ If you received two files:
     – Import the file containing the CA certificate as a trusted certificate (use an alias that is unique in the wallet).
     – Import the certificate file as a certificate, using an alias that matches the alias of the self-signed certificate you are replacing.

   The CA returned a single file, which is imported as a trusted certificate:

10. After import, the certificate issued by the CA replaces the self-signed certificate.

8.4.7.10 Converting a Self-Signed Certificate into a Third-Party Certificate Using WLST

Follow these steps to convert a self-signed certificate to a third-party certificate using WLST:

1. Add a certificate request, for example:

   addCertificateRequest('inst1', 'oid1', 'oid', 'selfsigned', 'password', 'subject_dn', 'key_size')

2. Export the certificate request:

   exportWalletObject('inst1', 'oid1', 'oid', 'selfsigned', 'password', 'CertificateRequest', '/tmp', 'subject_dn')

3. Submit the certificate request /tmp/base64.txt to a certificate authority. The CA will return a newly generated certificate and its own certificate, either as one file in PKCS7 format or as two separate files.

4. If you receive a single file from the CA, run the following command:

   importWalletObject('inst1', 'oid1', 'oid', 'selfsigned', 'password', 'TrustedChain', '/tmp/cert.txt')

   where password is the password for this wallet and /tmp/cert.txt is the file that the CA returned, containing the BASE64 encoded PKCS7.

   If you receive two files from the CA, import the CA certificate first as a trusted certificate, followed by the newly generated certificate:

   importWalletObject('inst1', 'oid1', 'oid', 'selfsigned', 'password', 'TrustedCertificate', '/tmp/cacert.txt')
   importWalletObject('inst1', 'oid1', 'oid', 'selfsigned', 'password', 'Certificate', '/tmp/cert.txt')

   where password is the password for this wallet, /tmp/cert.txt is the file that the CA returned, containing the BASE64 encoded certificate, and /tmp/cacert.txt is the file containing the BASE64 encoded CA certificate.

   Note: The order is important: you must import the trusted certificate first, followed by the certificate.

8.4.8 Wallet and Certificate Maintenance

This section contains the following administration topics:

■ Location of Wallets
■ Effect of Host Name Change on a Wallet
■ Changing a Self-Signed Wallet to a Third-Party Wallet
■ Replacing an Expiring Certificate in a Wallet

8.4.8.1 Location of Wallets

This section describes the location of wallets for different components.

Root Directory for an Oracle Internet Directory Wallet

The root directory for wallets is ORACLE_INSTANCE/OID/admin. This root directory will contain subdirectories with wallet names; these subdirectories will contain the actual wallet files. For example, assuming there are two wallets named oid1 and oid2, respectively, a sample structure could look like:

   ORACLE_INSTANCE/OID/admin/oid1/cwallet.sso
   ORACLE_INSTANCE/OID/admin/oid1/ewallet.p12
   ORACLE_INSTANCE/OID/admin/oid2/cwallet.sso

Root Directory for an Oracle HTTP Server Wallet

The root directory for wallets is ORACLE_INSTANCE/config/OHS/ohs_instance_name/keystores. This root directory contains subdirectories with wallet names; these subdirectories contain the actual wallet files. For example, assuming there are two wallets named ohs1 and ohs2, respectively, a sample structure could look like:

   ORACLE_INSTANCE/config/OHS/ohs_instance1/keystores/ohs1/cwallet.sso
   ORACLE_INSTANCE/config/OHS/ohs_instance1/keystores/ohs1/ewallet.p12
   ORACLE_INSTANCE/config/OHS/ohs_instance1/keystores/ohs2/cwallet.sso

Root Directory for an Oracle Web Cache Wallet

The root directory for wallets is ORACLE_INSTANCE/config/WebCache/webcache_instance_name/keystores.
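The wallet roots described in this section can be inventoried with a short script. The following Python code is an added example, not part of the Oracle guide: it walks the three documented roots and reports each wallet file, whether it is an auto-login wallet (cwallet.sso, which opens without a password), and whether its permissions allow access beyond the owner. The function names, the constructed sample tree, and the owner-only permission policy are assumptions of this example.

```python
import glob
import os
import stat
import tempfile

# Wallet roots relative to ORACLE_INSTANCE, as listed in this section ("*" = instance name).
WALLET_ROOTS = {
    "OID": ("OID", "admin"),
    "OHS": ("config", "OHS", "*", "keystores"),
    "WebCache": ("config", "WebCache", "*", "keystores"),
}
WALLET_FILES = ("cwallet.sso", "ewallet.p12")

def audit_wallets(oracle_instance):
    """Return one record per wallet file found under the documented roots."""
    records = []
    for component, parts in sorted(WALLET_ROOTS.items()):
        # Each subdirectory of a root is named after the wallet it holds.
        for wallet_dir in sorted(glob.glob(os.path.join(oracle_instance, *parts, "*"))):
            for name in WALLET_FILES:
                path = os.path.join(wallet_dir, name)
                if os.path.isfile(path):
                    mode = stat.S_IMODE(os.stat(path).st_mode)
                    records.append({
                        "component": component, "wallet": os.path.basename(wallet_dir),
                        "file": name,
                        "auto_login": name == "cwallet.sso",  # opens without a password
                        "exposed": bool(mode & 0o077),        # assumed policy: owner-only
                    })
    return records

def build_sample_tree(root):
    """Constructed sample: the oid1/oid2 layout from the text plus one OHS wallet."""
    layout = {
        "OID/admin/oid1/cwallet.sso": 0o600,
        "OID/admin/oid1/ewallet.p12": 0o600,
        "OID/admin/oid2/cwallet.sso": 0o644,  # deliberately too open
        "config/OHS/ohs_instance1/keystores/ohs1/ewallet.p12": 0o640,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(*audit_wallets(root), sep="\n")
```

On a real host, pass the ORACLE_INSTANCE directory to audit_wallets instead of the sample tree.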