Creating a Self-Signed Root Certificate
Create an automatic login wallet
orapki wallet create \
-wallet /app/oracle/staging_area/wallet_dir/rootCA \
-pwd "LuxAeterna12;" \
-auto_login
Create self-signed certificate
orapki wallet add \
-wallet /app/oracle/staging_area/wallet_dir/rootCA \
-pwd "LuxAeterna12;" \
-dn "CN=RootCA" \
-keysize 2048 \
-self_signed \
-validity 7300 \
-sign_alg sha256
Check the contents of the wallet
orapki wallet display \
-wallet /app/oracle/staging_area/wallet_dir/rootCA \
-pwd "LuxAeterna12;"
Export the certificate to a .pem file
orapki wallet export \
-wallet /app/oracle/staging_area/wallet_dir/rootCA \
-pwd "LuxAeterna12;" \
-dn "CN=RootCA" \
-cert /app/oracle/staging_area/export/rootCA_Cert.pem
Creating Server Certificates
For [exegol] server
Create an automatic login wallet
orapki wallet create \
-wallet /app/oracle/staging_area/wallet_dir/exegol \
-pwd "TabulaRasa32;" \
-auto_login
Add a Certificate Signing Request (CSR) to the server’s wallet
orapki wallet add \
-wallet /app/oracle/staging_area/wallet_dir/exegol \
-pwd "TabulaRasa32;" \
-dn "CN=exegol.swgalaxy" \
-keysize 2048
Export the CSR to a .pem file
orapki wallet export \
-wallet /app/oracle/staging_area/wallet_dir/exegol \
-pwd "TabulaRasa32;" \
-dn "CN=exegol.swgalaxy" \
-request /app/oracle/staging_area/export/exegol_req.pem
Using the CSR, create a signed server or client certificate and sign it using the root certificate. Assign a unique serial number to each certificate.
orapki cert create \
-wallet /app/oracle/staging_area/wallet_dir/rootCA \
-pwd "LuxAeterna12;" \
-request /app/oracle/staging_area/export/exegol_req.pem \
-cert /app/oracle/staging_area/export/exegol_Cert.pem \
-serial_num 20 \
-validity 375 \
-sign_alg sha256
Add the root certificate into the client’s or server’s wallet as a trusted certificate.
orapki wallet add \
-wallet /app/oracle/staging_area/wallet_dir/exegol \
-pwd "TabulaRasa32;" \
-trusted_cert \
-cert /app/oracle/staging_area/export/rootCA_Cert.pem
Add the server or client certificate as a user certificate into the client’s or server’s wallet
orapki wallet add \
-wallet /app/oracle/staging_area/wallet_dir/exegol \
-pwd "TabulaRasa32;" \
-user_cert \
-cert /app/oracle/staging_area/export/exegol_Cert.pem
Check the contents of the wallet
orapki wallet display \
-wallet /app/oracle/staging_area/wallet_dir/exegol \
-pwd "TabulaRasa32;"
For [helska] server
Create an automatic login wallet
orapki wallet create \
-wallet /app/oracle/staging_area/wallet_dir/helska \
-pwd "SicSemper81;" \
-auto_login
Add a Certificate Signing Request (CSR) to the server’s wallet
orapki wallet add \
-wallet /app/oracle/staging_area/wallet_dir/helska \
-pwd "SicSemper81;" \
-dn "CN=helska.swgalaxy" \
-keysize 2048
Export the CSR to a .pem file
orapki wallet export \
-wallet /app/oracle/staging_area/wallet_dir/helska \
-pwd "SicSemper81;" \
-dn "CN=helska.swgalaxy" \
-request /app/oracle/staging_area/export/helska_req.pem
Using the CSR, create a signed server or client certificate and sign it using the root certificate. Assign a unique serial number to each certificate.
orapki cert create \
-wallet /app/oracle/staging_area/wallet_dir/rootCA \
-pwd "LuxAeterna12;" \
-request /app/oracle/staging_area/export/helska_req.pem \
-cert /app/oracle/staging_area/export/helska_Cert.pem \
-serial_num 21 \
-validity 375 \
-sign_alg sha256
Add the root certificate into the client’s or server’s wallet as a trusted certificate.
orapki wallet add \
-wallet /app/oracle/staging_area/wallet_dir/helska \
-pwd "SicSemper81;" \
-trusted_cert \
-cert /app/oracle/staging_area/export/rootCA_Cert.pem
Add the server or client certificate as a user certificate into the client’s or server’s wallet
orapki wallet add \
-wallet /app/oracle/staging_area/wallet_dir/helska \
-pwd "SicSemper81;" \
-user_cert \
-cert /app/oracle/staging_area/export/helska_Cert.pem
Check the contents of the wallet
orapki wallet display \
-wallet /app/oracle/staging_area/wallet_dir/helska \
-pwd "SicSemper81;"
Creating a Distribution Server User Certificate
Create an automatic login wallet
orapki wallet create \
-wallet /app/oracle/staging_area/wallet_dir/dist_client \
-pwd "LapsusLinguae91" \
-auto_login
Add a Certificate Signing Request (CSR) to the wallet
orapki wallet add \
-wallet /app/oracle/staging_area/wallet_dir/dist_client \
-pwd "LapsusLinguae91" \
-dn "CN=dist_client" \
-keysize 2048
Export the CSR to a .pem file
orapki wallet export \
-wallet /app/oracle/staging_area/wallet_dir/dist_client \
-pwd "LapsusLinguae91" \
-dn "CN=dist_client" \
-request /app/oracle/staging_area/export/dist_client_req.pem
Using the CSR, create a signed certificate and sign it using the root certificate. Assign a unique serial number to each certificate.
orapki cert create \
-wallet /app/oracle/staging_area/wallet_dir/rootCA \
-pwd "LuxAeterna12;" \
-request /app/oracle/staging_area/export/dist_client_req.pem \
-cert /app/oracle/staging_area/export/dist_client_Cert.pem \
-serial_num 22 \
-validity 375 \
-sign_alg sha256
Add the root certificate into the client’s or server’s wallet as a trusted certificate.
orapki wallet add \
-wallet /app/oracle/staging_area/wallet_dir/dist_client \
-pwd "LapsusLinguae91" \
-trusted_cert \
-cert /app/oracle/staging_area/export/rootCA_Cert.pem
Add the server or client certificate as a user certificate into the client’s or server’s wallet
orapki wallet add \
-wallet /app/oracle/staging_area/wallet_dir/dist_client \
-pwd "LapsusLinguae91" \
-user_cert \
-cert /app/oracle/staging_area/export/dist_client_Cert.pem
Check the contents of the wallet
orapki wallet display \
-wallet /app/oracle/staging_area/wallet_dir/dist_client \
-pwd "LapsusLinguae91"
Trusted Certificates
Both the Distribution Server and Receiver Server need certificates.
- The Distribution Server uses the certificate in the client wallet location under the outbound section
- The Receiver Server uses the certificate in the wallet at the inbound wallet location
For self-signed certificates, choose one of the following:
- Have both certificates signed by the same Root Certificate
- Add the other side’s certificate to the local wallet as a trusted certificate
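A post-issuance check for the exported .pem files, added here as an example and not part of the original runbook: it confirms that every certificate chains to the exported root (the "same Root Certificate" option above) and that no serial number was reused across `orapki cert create` calls. The function names are hypothetical, and the `demo_*` helpers build constructed test certificates with openssl instead of orapki so the check can be tried without an Oracle home.

```bash
#!/usr/bin/env bash
# Added example: audit certificates exported from the wallets against the root.

# cert_serial FILE: print the certificate's serial number in hex.
cert_serial() { openssl x509 -in "$1" -noout -serial | cut -d= -f2; }

# audit_certs ROOT_PEM CERT_PEM...
# Returns 0 only if every certificate chains to ROOT_PEM and no serial repeats.
audit_certs() {
  local root=$1 rc=0 seen=" " cert serial
  shift
  for cert in "$@"; do
    if ! openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1; then
      echo "FAIL not signed by root: $cert"; rc=1
    fi
    serial=$(cert_serial "$cert")
    case "$seen" in
      *" $serial "*) echo "FAIL duplicate serial $serial: $cert"; rc=1 ;;
    esac
    seen="$seen$serial "
  done
  return "$rc"
}

# demo_issue DIR NAME SERIAL: constructed test data only (openssl, not orapki).
# Mirrors the CSR export and "cert create -serial_num N -validity 375" steps.
demo_issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2_req.pem" 2>/dev/null
  openssl x509 -req -in "$1/$2_req.pem" -CA "$1/rootCA_Cert.pem" \
    -CAkey "$1/rootCA.key" -set_serial "$3" -days 375 -sha256 \
    -out "$1/$2_Cert.pem" 2>/dev/null
}

# demo_pki DIR: throwaway root plus leaves with serials 20, 21 and a repeated 20.
demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=RootCA" -days 7300 \
    -sha256 -keyout "$1/rootCA.key" -out "$1/rootCA_Cert.pem" 2>/dev/null
  demo_issue "$1" exegol 20
  demo_issue "$1" helska 21
  demo_issue "$1" dist_client 20   # deliberately reuses serial 20
}

# Run as: ./audit.sh ROOT_PEM CERT_PEM...  (with no arguments, only defines functions)
if [ "$#" -ge 2 ]; then audit_certs "$@"; fi
```

On the host from the runbook, the inputs would be `rootCA_Cert.pem` and the three `*_Cert.pem` files under `/app/oracle/staging_area/export`.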