### Sources

- [OGG Documentation](https://docs.oracle.com/en/middleware/goldengate/core/19.1/securing/securing-deployments.html#GUID-472E5C9C-85FC-4B87-BB90-2CE877F41DC0)
- [Markdown Basic Syntax](https://www.markdownguide.org/basic-syntax/)

### Creating a Self-Signed Root Certificate

Create an automatic login wallet

```bash
# -auto_login also writes cwallet.sso, which opens without the password,
# so restrict access to the wallet directory.
orapki wallet create \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;" \
    -auto_login
```

Create a self-signed certificate

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;" \
    -dn "CN=RootCA" \
    -keysize 2048 \
    -self_signed \
    -validity 7300 \
    -sign_alg sha256
```

Check the contents of the wallet

```bash
orapki wallet display \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;"
```

Export the certificate to a .pem file

```bash
orapki wallet export \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;" \
    -dn "CN=RootCA" \
    -cert /app/oracle/staging_area/export/rootCA_Cert.pem
```

### Creating Server Certificates

#### For [exegol] server

Create an automatic login wallet

```bash
orapki wallet create \
    -wallet /app/oracle/staging_area/wallet_dir/exegol \
    -pwd "TabulaRasa32;" \
    -auto_login
```

Add a Certificate Signing Request (CSR) to the server’s wallet

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/exegol \
    -pwd "TabulaRasa32;" \
    -dn "CN=exegol.swgalaxy" \
    -keysize 2048
```

Export the CSR to a .pem file

```bash
orapki wallet export \
    -wallet /app/oracle/staging_area/wallet_dir/exegol \
    -pwd "TabulaRasa32;" \
    -dn "CN=exegol.swgalaxy" \
    -request /app/oracle/staging_area/export/exegol_req.pem
```

Using the CSR, create a signed server or client certificate and sign it using the root certificate. Assign a unique serial number to each certificate.

```bash
orapki cert create \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;" \
    -request /app/oracle/staging_area/export/exegol_req.pem \
    -cert /app/oracle/staging_area/export/exegol_Cert.pem \
    -serial_num 20 \
    -validity 375 \
    -sign_alg sha256
```

Add the root certificate into the client’s or server’s wallet as a trusted certificate.

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/exegol \
    -pwd "TabulaRasa32;" \
    -trusted_cert \
    -cert /app/oracle/staging_area/export/rootCA_Cert.pem
```

Add the server or client certificate as a user certificate into the client’s or server’s wallet

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/exegol \
    -pwd "TabulaRasa32;" \
    -user_cert \
    -cert /app/oracle/staging_area/export/exegol_Cert.pem
```

Check the contents of the wallet

```bash
orapki wallet display \
    -wallet /app/oracle/staging_area/wallet_dir/exegol \
    -pwd "TabulaRasa32;"
```

#### For [helska] server

Create an automatic login wallet

```bash
orapki wallet create \
    -wallet /app/oracle/staging_area/wallet_dir/helska \
    -pwd "SicSemper81;" \
    -auto_login
```

Add a Certificate Signing Request (CSR) to the server’s wallet

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/helska \
    -pwd "SicSemper81;" \
    -dn "CN=helska.swgalaxy" \
    -keysize 2048
```

Export the CSR to a .pem file

```bash
orapki wallet export \
    -wallet /app/oracle/staging_area/wallet_dir/helska \
    -pwd "SicSemper81;" \
    -dn "CN=helska.swgalaxy" \
    -request /app/oracle/staging_area/export/helska_req.pem
```

Using the CSR, create a signed server or client certificate and sign it using the root certificate. Assign a unique serial number to each certificate.

```bash
orapki cert create \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;" \
    -request /app/oracle/staging_area/export/helska_req.pem \
    -cert /app/oracle/staging_area/export/helska_Cert.pem \
    -serial_num 21 \
    -validity 375 \
    -sign_alg sha256
```

Add the root certificate into the client’s or server’s wallet as a trusted certificate.

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/helska \
    -pwd "SicSemper81;" \
    -trusted_cert \
    -cert /app/oracle/staging_area/export/rootCA_Cert.pem
```

Add the server or client certificate as a user certificate into the client’s or server’s wallet

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/helska \
    -pwd "SicSemper81;" \
    -user_cert \
    -cert /app/oracle/staging_area/export/helska_Cert.pem
```

Check the contents of the wallet

```bash
orapki wallet display \
    -wallet /app/oracle/staging_area/wallet_dir/helska \
    -pwd "SicSemper81;"
```

### Creating a Distribution Server User Certificate

Create an automatic login wallet

```bash
orapki wallet create \
    -wallet /app/oracle/staging_area/wallet_dir/dist_client \
    -pwd "LapsusLinguae91" \
    -auto_login
```

Add a Certificate Signing Request (CSR) to the wallet

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/dist_client \
    -pwd "LapsusLinguae91" \
    -dn "CN=dist_client" \
    -keysize 2048
```

Export the CSR to a .pem file

```bash
orapki wallet export \
    -wallet /app/oracle/staging_area/wallet_dir/dist_client \
    -pwd "LapsusLinguae91" \
    -dn "CN=dist_client" \
    -request /app/oracle/staging_area/export/dist_client_req.pem
```

Using the CSR, create a signed certificate and sign it using the root certificate. Assign a unique serial number to each certificate.

```bash
orapki cert create \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;" \
    -request /app/oracle/staging_area/export/dist_client_req.pem \
    -cert /app/oracle/staging_area/export/dist_client_Cert.pem \
    -serial_num 22 \
    -validity 375 \
    -sign_alg sha256
```

Add the root certificate into the client’s or server’s wallet as a trusted certificate.

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/dist_client \
    -pwd "LapsusLinguae91" \
    -trusted_cert \
    -cert /app/oracle/staging_area/export/rootCA_Cert.pem
```

Add the server or client certificate as a user certificate into the client’s or server’s wallet

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/dist_client \
    -pwd "LapsusLinguae91" \
    -user_cert \
    -cert /app/oracle/staging_area/export/dist_client_Cert.pem
```

Check the contents of the wallet

```bash
orapki wallet display \
    -wallet /app/oracle/staging_area/wallet_dir/dist_client \
    -pwd "LapsusLinguae91"
```

### Trusted Certificates

Both the Distribution Server and the Receiver Server need certificates.

- The Distribution Server uses the certificate in the client wallet location under the outbound section.
- For the Receiver Server, the certificate is in the wallet at the inbound wallet location.

For self-signed certificates, you can choose one of the following:

- Have both certificates signed by the same Root Certificate.
- Add the other side’s certificate to the local wallet as a trusted certificate.
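
An added example, not part of the original notes or of Oracle's documentation: a check, using `openssl` rather than `orapki`, that every signed certificate in the export directory verifies against the exported root, is not about to expire, and carries its own serial number. The function name `check_export_dir` and the 30-day expiry threshold are assumptions; the `*_Cert.pem` naming follows the export paths used above.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes. Assumes openssl is installed.
# check_export_dir and the 30-day threshold are illustrative choices.

# check_export_dir ROOT_PEM EXPORT_DIR
# Returns 0 only if every non-root *_Cert.pem in EXPORT_DIR verifies against
# ROOT_PEM, stays valid for 30 more days, and no serial number is reused.
# Returns 2 if there was nothing to check.
check_export_dir() {
    local root="$1" dir="$2" rc=0 n=0 cert serial seen=""
    for cert in "$dir"/*_Cert.pem; do
        [ -e "$cert" ] || continue            # glob matched nothing
        [ "$cert" -ef "$root" ] && continue   # skip the root certificate itself
        n=$((n + 1))

        # 1. Chain: the certificate must verify against the exported root.
        if ! openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1; then
            echo "FAIL chain  $cert" >&2; rc=1
        fi

        # 2. Expiry: -checkend exits non-zero if the cert lapses within N seconds.
        if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1; then
            echo "FAIL expiry $cert" >&2; rc=1
        fi

        # 3. Serial: each certificate issued by the root needs its own number.
        serial=$(openssl x509 -in "$cert" -noout -serial | cut -d= -f2)
        case " $seen " in
            *" $serial "*) echo "FAIL serial $cert reuses $serial" >&2; rc=1 ;;
        esac
        seen="$seen $serial"

        echo "$(openssl x509 -in "$cert" -noout -subject) serial=$serial"
    done
    [ "$n" -gt 0 ] || { echo "no signed certificates in $dir" >&2; return 2; }
    return "$rc"
}

# Usage with the paths from this page:
# check_export_dir /app/oracle/staging_area/export/rootCA_Cert.pem \
#                  /app/oracle/staging_area/export
```

`openssl x509 -serial` prints the serial in hexadecimal, so `-serial_num 20` appears as `14`.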