|Oracle® Secure Backup Reference
|PDF · Mobi · ePub|
obcm tool to export and import identity certificates. These steps are required if you do not accept the default Oracle Secure Backup security behavior, which is for the Certification Authority to issue signed certificates to new hosts over the network.
observiced daemon on the administrative server acts as the Certification Authority. The CA has two responsibilities with respect to certificates: it accepts certificate signing requests from hosts within the administrative domain as part of the
mkhost process, and sends signed certificates back to the requesting host.
In manual certificate provisioning mode, you run
--certificate on the administrative server to export a signed certificate for the newly configured host. You must manually transfer this signed certificate to the newly configured host.
After manually transferring the certificate to the new host, run
obcm import on the newly configured host to import the signed certificate into the host's wallet. In this case,
obcm directly accesses the wallet of the host. After it has made changes to the local wallet,
obcm notifies the local
observiced so that the local
observiced can re-create the obfuscated wallet.
You must have write permissions in the wallet directory, which by default is
/usr/etc/ob/wallet on Linux and UNIX and
C:\Program Files\Oracle\Backup\db\wallet on Windows. Note that
obcm always accesses the wallet in this location. You cannot override the default location.
/etc/obcm [ export --certificate --file certificate_file --host hostname ] [ import --file signed_certificate_file ]
Exports a signed identity certificate for the specified host to the specified text file.
Imports a signed identity certificate from the specified text file.
Example 5-6 exports a certificate for host
new_client to the file
new_client_cert.f. The utility is run on the administrative server.
obcm export --certificate --file /tmp/new_client_cert.f --host new_client
Example 5-7 imports a signed identity certificate from the file
client_cert.f. The utility is run on the host being added to the administrative domain.