Oracle-L: Re: Renewing an SSL certificate in Advanced Security
Yes, I have the initial certificate installed via orapki, and SSL works beautifully. It's obtaining a new certificate when the original expires that I'm having trouble with. I tried the process with OWM as you suggested, and that seemed to work. It seems that orapki was something of an afterthought to Oracle. It's too bad: I really wanted to script the whole process, but this is the second activity I've run into that requires OWM (the first was removing unused trusted certificates). Unless, as Amir suggested, I create a new wallet and replace the old one.
On 12/14/07, mkb <mkb125_at_yahoo.com> wrote:
I'm not sure I quite follow. I assume you generated a certificate request, something like this perhaps?
orapki wallet add -wallet wallet_location -dn user_dn -keySize 512|1024|2048
Then you exported the certificate request and got it signed from your CA, right?
You should have gotten back a root certificate from your CA and a signed user certificate. The root cert would have been imported into the wallet with something like this:
orapki wallet add -wallet . -trusted_cert -cert cacert.pem
The signed user certificate would have been imported into the wallet using something like this:
orapki wallet add -wallet . -user_cert -cert newcert.pem
If you want to create a new signed user certificate, you will need to create a user certificate request, export the request and then submit it to the CA and get it signed. Once it is signed, you only need to import the user signed certificate and not the root chain (assuming you got it signed from the same CA).
I think I had some problems with the orapki utility when trying to import certs but when I used the GUI it seemed to work fine. You might try using the GUI first (owm) and see if that solves the problem.
--
mohammed
You then created a certificate request
Ok, so that basically confirms it for me also that the orapki utility is half-baked. I also was going in the same direction that you were (wanting to script it out), but I guess that's not going to be the case until Oracle fixes it.
Time to open a ticket on this one I suppose.
--
mohammed
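The alternative mentioned in the thread, creating a new wallet and replacing the old one, as a two-step script. This is an added example, not code from any of the posters or from Oracle; the wallet path, DN, file names and the DRY_RUN switch are assumptions to adjust.

```shell
#!/bin/sh
# Added example: renew by building a fresh wallet, then swapping it in.
# WALLET, NEW, DN, CA_CERT and SIGNED are hypothetical values.
WALLET=${WALLET:-/u01/app/oracle/wallet}
NEW=${NEW:-$WALLET.new}
DN=${DN:-CN=db01.example.com,O=Example,C=US}
CA_CERT=${CA_CERT:-cacert.pem}
SIGNED=${SIGNED:-newcert.pem}

# With DRY_RUN=1 each command is printed instead of executed.
# No wallet password is passed on the command line.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Step 1: new wallet, CA root, key pair and request, exported request.
wallet_request() {
    run orapki wallet create -wallet "$NEW" -auto_login &&
    run orapki wallet add -wallet "$NEW" -trusted_cert -cert "$CA_CERT" &&
    run orapki wallet add -wallet "$NEW" -dn "$DN" -keySize 2048 &&
    run orapki wallet export -wallet "$NEW" -dn "$DN" -request "$NEW/req.csr"
}

# Step 2 (once the CA has returned the signed certificate):
# import it, show the wallet contents, keep the old wallet as a backup, swap.
wallet_install() {
    run orapki wallet add -wallet "$NEW" -user_cert -cert "$SIGNED" &&
    run orapki wallet display -wallet "$NEW" &&
    run mv "$WALLET" "$WALLET.old.$(date +%Y%m%d)" &&
    run mv "$NEW" "$WALLET"
}

case "${1:-}" in
    request) wallet_request ;;
    install) wallet_install ;;
esac
```

Run it with `request` before submitting the request to the CA and with `install` after the signed certificate comes back; because the old wallet is only renamed, rolling back is a single `mv`.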