2026-03-12 21:01:38

Golden_Gate/distrib_certif_01.md

@@ -0,0 +1,234 @@
+### Sources
+
+- [OGG Documentation](https://docs.oracle.com/en/middleware/goldengate/core/19.1/securing/securing-deployments.html#GUID-472E5C9C-85FC-4B87-BB90-2CE877F41DC0)
+- [Markdown Basic Syntax](https://www.markdownguide.org/basic-syntax/)
+
+### Creating a Self-Signed Root Certificate
+
+Create an automatic login wallet
+
+	orapki wallet create \
+		-wallet /app/oracle/staging_area/wallet_dir/rootCA \
+		-pwd "LuxAeterna12;" \
+		-auto_login 
+
+ Create self-signed certificate
+
+	orapki wallet add -wallet ~/wallet_directory/root_ca \
+		-wallet /app/oracle/staging_area/wallet_dir/rootCA \
+		-pwd "LuxAeterna12;" \
+		-dn "CN=RootCA" \
+		-keysize 2048 \
+		-self_signed \
+		-validity 7300 \
+		-sign_alg sha256 
+
+Check the contents of the wallet
+
+	orapki wallet display \
+		-wallet /app/oracle/staging_area/wallet_dir/rootCA \
+		-pwd "LuxAeterna12;"
+
+Export the certificate to a .pem file
+
+	orapki wallet export \
+		-wallet /app/oracle/staging_area/wallet_dir/rootCA \
+		-pwd "LuxAeterna12;" \
+		-dn "CN=RootCA" \
+		-cert /app/oracle/staging_area/export/rootCA_Cert.pem
+
+
+### Creating Server Certificates
+
+#### For [exegol] server
+
+Create an automatic login wallet
+
+	orapki wallet create \
+		-wallet /app/oracle/staging_area/wallet_dir/exegol \
+		-pwd "TabulaRasa32;" \
+		-auto_login 
+
+Add a Certificate Signing Request (CSR) to the server’s wallet
+
+	orapki wallet add \
+		-wallet /app/oracle/staging_area/wallet_dir/exegol \
+		-pwd "TabulaRasa32;" \
+		-dn "CN=exegol.swgalaxy" \
+		-keysize 2048
+
+Export the CSR to a .pem file
+
+	orapki wallet export \
+		-wallet /app/oracle/staging_area/wallet_dir/exegol \
+		-pwd "TabulaRasa32;" \
+		-dn "CN=exegol.swgalaxy" \
+		-request /app/oracle/staging_area/export/exegol_req.pem
+
+Using the CSR, create a signed server or client certificate and sign it using the root certificate. 
+Assign a unique serial number to each certificate.
+
+	orapki cert create \
+		-wallet /app/oracle/staging_area/wallet_dir/rootCA \
+		-pwd "LuxAeterna12;" \
+		-request /app/oracle/staging_area/export/exegol_req.pem \
+		-cert /app/oracle/staging_area/export/exegol_Cert.pem \
+		-serial_num 20 \
+		-validity 375  \
+		-sign_alg sha256
+
+Add the root certificate into the client’s or server’s wallet as a trusted certificate.
+
+	orapki wallet add \
+		-wallet /app/oracle/staging_area/wallet_dir/exegol \
+		-pwd "TabulaRasa32;" \
+		-trusted_cert \
+		-cert /app/oracle/staging_area/export/rootCA_Cert.pem
+
+Add the server or client certificate as a user certificate into the client’s or server’s wallet
+
+	orapki wallet add \
+		-wallet /app/oracle/staging_area/wallet_dir/exegol \
+		-pwd "TabulaRasa32;" \
+		-user_cert \
+		-cert /app/oracle/staging_area/export/exegol_Cert.pem
+
+Check the contents of the wallet
+
+	orapki wallet display \
+		-wallet /app/oracle/staging_area/wallet_dir/exegol \
+		-pwd "TabulaRasa32;"
+
+
+#### For [helska] server
+
+Create an automatic login wallet
+
+	orapki wallet create \
+		-wallet /app/oracle/staging_area/wallet_dir/helska \
+		-pwd "SicSemper81;" \
+		-auto_login 
+
+Add a Certificate Signing Request (CSR) to the server’s wallet
+
+	orapki wallet add \
+		-wallet /app/oracle/staging_area/wallet_dir/helska \
+		-pwd "SicSemper81;" \
+		-dn "CN=helska.swgalaxy" \
+		-keysize 2048
+
+Export the CSR to a .pem file
+
+	orapki wallet export \
+		-wallet /app/oracle/staging_area/wallet_dir/helska \
+		-pwd "SicSemper81;" \
+		-dn "CN=helska.swgalaxy" \
+		-request /app/oracle/staging_area/export/helska_req.pem
+
+Using the CSR, create a signed server or client certificate and sign it using the root certificate. 
+Assign a unique serial number to each certificate.
+
+	orapki cert create \
+		-wallet /app/oracle/staging_area/wallet_dir/rootCA \
+		-pwd "LuxAeterna12;" \
+		-request /app/oracle/staging_area/export/helska_req.pem \
+		-cert /app/oracle/staging_area/export/helska_Cert.pem \
+		-serial_num 21 \
+		-validity 375  \
+		-sign_alg sha256
+
+Add the root certificate into the client’s or server’s wallet as a trusted certificate.
+
+	orapki wallet add \
+		-wallet /app/oracle/staging_area/wallet_dir/helska \
+		-pwd "SicSemper81;" \
+		-trusted_cert \
+		-cert /app/oracle/staging_area/export/rootCA_Cert.pem
+
+Add the server or client certificate as a user certificate into the client’s or server’s wallet
+
+	orapki wallet add \
+		-wallet /app/oracle/staging_area/wallet_dir/helska \
+		-pwd "SicSemper81;" \
+		-user_cert \
+		-cert /app/oracle/staging_area/export/helska_Cert.pem
+
+Check the contents of the wallet
+
+	orapki wallet display \
+		-wallet /app/oracle/staging_area/wallet_dir/helska \
+		-pwd "SicSemper81;"
+
+### Creating a Distribution Server User Certificate
+
+Create an automatic login wallet
+
+	orapki wallet create \
+		-wallet /app/oracle/staging_area/wallet_dir/dist_client \
+		-pwd "LapsusLinguae91" \
+		-auto_login 
+
+Add a Certificate Signing Request (CSR) to the wallet
+
+	orapki wallet add \
+		-wallet /app/oracle/staging_area/wallet_dir/dist_client \
+		-pwd "LapsusLinguae91" \
+		-dn "CN=dist_client" \
+		-keysize 2048
+
+Export the CSR to a .pem file
+
+	orapki wallet export \
+		-wallet /app/oracle/staging_area/wallet_dir/dist_client \
+		-pwd "LapsusLinguae91" \
+		-dn "CN=dist_client" \
+		-request /app/oracle/staging_area/export/dist_client_req.pem
+
+Using the CSR, create a signed certificate and sign it using the root certificate. 
+Assign a unique serial number to each certificate.
+
+	orapki cert create \
+		-wallet /app/oracle/staging_area/wallet_dir/rootCA \
+		-pwd "LuxAeterna12;" \
+		-request /app/oracle/staging_area/export/dist_client_req.pem \
+		-cert /app/oracle/staging_area/export/dist_client_Cert.pem \
+		-serial_num 22 \
+		-validity 375  \
+		-sign_alg sha256
+
+Add the root certificate into the client’s or server’s wallet as a trusted certificate.
+
+	orapki wallet add \
+		-wallet /app/oracle/staging_area/wallet_dir/dist_client \
+		-pwd "LapsusLinguae91" \
+		-trusted_cert \
+		-cert /app/oracle/staging_area/export/rootCA_Cert.pem
+
+Add the server or client certificate as a user certificate into the client’s or server’s wallet
+
+	orapki wallet add \
+		-wallet /app/oracle/staging_area/wallet_dir/dist_client \
+		-pwd "LapsusLinguae91" \
+		-user_cert \
+		-cert /app/oracle/staging_area/export/dist_client_Cert.pem
+
+Check the contents of the wallet
+
+	orapki wallet display \
+		-wallet /app/oracle/staging_area/wallet_dir/dist_client \
+		-pwd "LapsusLinguae91"
+
+
+### Trusted Certificates
+
+Both the Distribution Server and Receiver Server need certificates. 
+- The Distribution Server uses the certificate in the client wallet location under outbound section
+- For the Receiver Server, the certificate is in the wallet for the inbound wallet location
+
+For self-signed certificates, you can choose from one of the following:
+- Have both certificates signed by the same Root Certificate
+- The other side’s certificate is added to the local wallet as trusted certificate
+
+
+
+