Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Renewing an SSL certificate in Advanced Security

Re: Renewing an SSL certificate in Advanced Security

From: Jason Heinrich <jheinrichdba_at_gmail.com>
Date: Fri, 14 Dec 2007 16:17:55 -0600
Message-ID: <b32e774d0712141417u54c9719ajc116bb988133aff1@mail.gmail.com> 





Yes, I have the initial certificate installed via orapki, and SSL works
beautifully.  It's obtaining a new certificate when the original expires
that I'm having trouble with.  I tried the process with OWM as you
suggested, and that seemed to work.  It seems that orapki was something of
an afterthought to Oracle.  It's too bad: I really wanted to script the
whole process, but this is the second activity I've run into that requires
OWM (the first was removing unused trusted certificates).  Unless, as Amir
suggested, I create a new wallet and replace the old one.



On 12/14/07, mkb <mkb125_at_yahoo.com> wrote:


>

> I'm not sure I quite follow.  I assume you generated a certificate request

> (something like this perhaps? orapki wallet add -wallet wallet_location -dn

> user_dn -keySize 512|1024|2048)

>

> Then you exported the certificate request and got it signed from your CA,

> right?

>

> You should have gotten back a root certificate from your CA and a signed

> user certificate.  The root cert would have been imported into the wallet

> with something like this:

> orapki wallet add -wallet . -trusted_cert -cert cacert.pem

>

> The signed user certificate would have been imported into the wallet using

> something like this:

> orapki wallet add -wallet . -user_cert -cert newcert.pem

>

> If you want to create a new signed user certificate, you will need to

> create a user certificate request, export the request and then submit it to

> the CA and get it signed.  Once it is signed, you only need to import the

> user signed certificate and not the root chain (assuming you got it signed

> from the same CA).

>

> I think I had some problems with the orapki utility when trying to import

> certs but when I used the GUI it seemed to work fine.  You might try using

> the GUI first (owm) and see if that solves the problem.

>

> --

> mohammed

>

>

> You then created a certificate request

>

> ------------------------------

> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it

> now.<http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ+>

>





-- 
Jason Heinrich

--
http://www.freelists.org/webpage/oracle-l


Received on Fri Dec 14 2007 - 16:17:55 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US