notes/Golden_Gate/distrib_certif_01.md
2026-03-12 22:01:38 +01:00

### Sources
- [OGG Documentation](https://docs.oracle.com/en/middleware/goldengate/core/19.1/securing/securing-deployments.html#GUID-472E5C9C-85FC-4B87-BB90-2CE877F41DC0)
- [Markdown Basic Syntax](https://www.markdownguide.org/basic-syntax/)
### Creating a Self-Signed Root Certificate
Create an automatic login wallet

```bash
orapki wallet create \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;" \
    -auto_login
```

Create self-signed certificate

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;" \
    -dn "CN=RootCA" \
    -keysize 2048 \
    -self_signed \
    -validity 7300 \
    -sign_alg sha256
```

Check the contents of the wallet

```bash
orapki wallet display \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;"
```

Export the certificate to a .pem file

```bash
orapki wallet export \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;" \
    -dn "CN=RootCA" \
    -cert /app/oracle/staging_area/export/rootCA_Cert.pem
```

### Creating Server Certificates
#### For [exegol] server
Create an automatic login wallet

```bash
orapki wallet create \
    -wallet /app/oracle/staging_area/wallet_dir/exegol \
    -pwd "TabulaRasa32;" \
    -auto_login
```

Add a Certificate Signing Request (CSR) to the server's wallet

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/exegol \
    -pwd "TabulaRasa32;" \
    -dn "CN=exegol.swgalaxy" \
    -keysize 2048
```

Export the CSR to a .pem file

```bash
orapki wallet export \
    -wallet /app/oracle/staging_area/wallet_dir/exegol \
    -pwd "TabulaRasa32;" \
    -dn "CN=exegol.swgalaxy" \
    -request /app/oracle/staging_area/export/exegol_req.pem
```

Using the CSR, create a signed server or client certificate and sign it using the root certificate.
Assign a unique serial number to each certificate.

```bash
orapki cert create \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;" \
    -request /app/oracle/staging_area/export/exegol_req.pem \
    -cert /app/oracle/staging_area/export/exegol_Cert.pem \
    -serial_num 20 \
    -validity 375 \
    -sign_alg sha256
```

Add the root certificate into the client's or server's wallet as a trusted certificate.

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/exegol \
    -pwd "TabulaRasa32;" \
    -trusted_cert \
    -cert /app/oracle/staging_area/export/rootCA_Cert.pem
```

Add the server or client certificate as a user certificate into the client's or server's wallet

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/exegol \
    -pwd "TabulaRasa32;" \
    -user_cert \
    -cert /app/oracle/staging_area/export/exegol_Cert.pem
```

Check the contents of the wallet

```bash
orapki wallet display \
    -wallet /app/oracle/staging_area/wallet_dir/exegol \
    -pwd "TabulaRasa32;"
```

#### For [helska] server
Create an automatic login wallet

```bash
orapki wallet create \
    -wallet /app/oracle/staging_area/wallet_dir/helska \
    -pwd "SicSemper81;" \
    -auto_login
```

Add a Certificate Signing Request (CSR) to the server's wallet

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/helska \
    -pwd "SicSemper81;" \
    -dn "CN=helska.swgalaxy" \
    -keysize 2048
```

Export the CSR to a .pem file

```bash
orapki wallet export \
    -wallet /app/oracle/staging_area/wallet_dir/helska \
    -pwd "SicSemper81;" \
    -dn "CN=helska.swgalaxy" \
    -request /app/oracle/staging_area/export/helska_req.pem
```

Using the CSR, create a signed server or client certificate and sign it using the root certificate.
Assign a unique serial number to each certificate.

```bash
orapki cert create \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;" \
    -request /app/oracle/staging_area/export/helska_req.pem \
    -cert /app/oracle/staging_area/export/helska_Cert.pem \
    -serial_num 21 \
    -validity 375 \
    -sign_alg sha256
```

Add the root certificate into the client's or server's wallet as a trusted certificate.

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/helska \
    -pwd "SicSemper81;" \
    -trusted_cert \
    -cert /app/oracle/staging_area/export/rootCA_Cert.pem
```

Add the server or client certificate as a user certificate into the client's or server's wallet

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/helska \
    -pwd "SicSemper81;" \
    -user_cert \
    -cert /app/oracle/staging_area/export/helska_Cert.pem
```

Check the contents of the wallet

```bash
orapki wallet display \
    -wallet /app/oracle/staging_area/wallet_dir/helska \
    -pwd "SicSemper81;"
```

### Creating a Distribution Server User Certificate
Create an automatic login wallet

```bash
orapki wallet create \
    -wallet /app/oracle/staging_area/wallet_dir/dist_client \
    -pwd "LapsusLinguae91" \
    -auto_login
```

Add a Certificate Signing Request (CSR) to the wallet

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/dist_client \
    -pwd "LapsusLinguae91" \
    -dn "CN=dist_client" \
    -keysize 2048
```

Export the CSR to a .pem file

```bash
orapki wallet export \
    -wallet /app/oracle/staging_area/wallet_dir/dist_client \
    -pwd "LapsusLinguae91" \
    -dn "CN=dist_client" \
    -request /app/oracle/staging_area/export/dist_client_req.pem
```

Using the CSR, create a signed certificate and sign it using the root certificate.
Assign a unique serial number to each certificate.

```bash
orapki cert create \
    -wallet /app/oracle/staging_area/wallet_dir/rootCA \
    -pwd "LuxAeterna12;" \
    -request /app/oracle/staging_area/export/dist_client_req.pem \
    -cert /app/oracle/staging_area/export/dist_client_Cert.pem \
    -serial_num 22 \
    -validity 375 \
    -sign_alg sha256
```

Add the root certificate into the client's or server's wallet as a trusted certificate.

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/dist_client \
    -pwd "LapsusLinguae91" \
    -trusted_cert \
    -cert /app/oracle/staging_area/export/rootCA_Cert.pem
```

Add the server or client certificate as a user certificate into the client's or server's wallet

```bash
orapki wallet add \
    -wallet /app/oracle/staging_area/wallet_dir/dist_client \
    -pwd "LapsusLinguae91" \
    -user_cert \
    -cert /app/oracle/staging_area/export/dist_client_Cert.pem
```

Check the contents of the wallet

```bash
orapki wallet display \
    -wallet /app/oracle/staging_area/wallet_dir/dist_client \
    -pwd "LapsusLinguae91"
```

### Trusted Certificates
Both the Distribution Server and Receiver Server need certificates.

- The Distribution Server uses the certificate in the client wallet location under the outbound section
- For the Receiver Server, the certificate is in the wallet at the inbound wallet location

For self-signed certificates, you can choose one of the following:

- Have both certificates signed by the same Root Certificate
- Add the other side's certificate to the local wallet as a trusted certificate
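
The two conditions these notes rely on, a unique serial number per certificate and every certificate signed by the same Root Certificate, can be confirmed on the exported .pem files with openssl. This is an added example, not part of the original notes or of Oracle's documentation; it assumes the orapki exports are standard PEM X.509 files, and `check_certs`, `make_leaf` and `make_demo_pki` are hypothetical helper names whose demo certificates are constructed with openssl as stand-ins.

```shell
#!/usr/bin/env bash
# Added example: checks that exported certificates chain to the root CA and
# that no two of them share a serial number.
# Usage against the exports created above (paths from this page):
#   check_certs /app/oracle/staging_area/export/rootCA_Cert.pem \
#       /app/oracle/staging_area/export/{exegol,helska,dist_client}_Cert.pem

# check_certs ROOT_PEM CERT_PEM...  -> 0 if all verify and serials are unique
check_certs() {
    local root=$1 rc=0 cert serial seen=" "
    shift
    for cert in "$@"; do
        if ! openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1; then
            echo "FAIL chain:  $cert is not signed by $root"; rc=1
        fi
        serial=$(openssl x509 -noout -serial -in "$cert" | cut -d= -f2)
        case "$seen" in
            *" $serial "*) echo "FAIL serial: $cert reuses serial $serial"; rc=1 ;;
        esac
        seen="$seen$serial "
    done
    return $rc
}

# make_leaf DIR NAME SERIAL: constructed leaf signed by DIR's root (demo only)
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2_req.pem" 2>/dev/null
    openssl x509 -req -in "$1/$2_req.pem" -CA "$1/rootCA_Cert.pem" \
        -CAkey "$1/rootCA.key" -set_serial "$3" -days 375 -sha256 \
        -out "$1/$2_Cert.pem" 2>/dev/null
}

# make_demo_pki DIR: constructed root plus leaves; "dup" reuses exegol's serial
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=RootCA" -days 7300 \
        -sha256 -keyout "$1/rootCA.key" -out "$1/rootCA_Cert.pem" 2>/dev/null
    make_leaf "$1" exegol 20
    make_leaf "$1" helska 21
    make_leaf "$1" dup 20
}
```

A non-zero return from `check_certs` means at least one certificate was signed by a different root or repeats a serial already issued by this one.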