
Generating Server Certificate and Server Private Key


The following procedures generate the server certificate and server private key that BI components acting as servers must possess. The server certificate and private key are used by Oracle BI Cluster Controller, Oracle BI Server, Oracle BI Scheduler, Oracle BI Presentation Services and Oracle BI Presentation Services Plug-in (ISAPI) components.

Generating Server Certificate Request and Private Key

Use the following procedure to generate the server certificate request and private key.

To generate the server certificate request and private key

  • Run the following command:

    req -new -keyout $ServerKeyFilename -out $ServerRequestFilename -days $ValidityPeriod -config openssl.cnf

    For example:

    OpenSSL> req -new -keyout server-key.pem -out server-req.pem -days 365 -config openssl.cnf

    This example generates the following dialog:

    Loading 'screen' into random state - done
    Generating a 1024 bit RSA private key
    ............................++++++
    ...........................................................++++++
    writing new private key to 'server-key.pem'
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----

    You are about to be asked to enter information that will be incorporated into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:
    Organization Name (eg, company) [Some-Organization Pty Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, YOUR name) []:
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

  • Enter a Distinguished Name as prompted. The Distinguished Name identifies the server.
  • Make a note of the passphrase that you entered. This passphrase is needed to decrypt the private key.

The command generates the server private key file called server-key.pem and the certificate request (unsigned server certificate) called server-req.pem.

Creating the Server Certificate

The certificate request created above can be submitted to a commercial CA to generate a server certificate. For testing purposes, the CA generated in the step Creating the Certificate Authority (CA) Certificate can be used to sign the request, as described in the following procedure.

To create the server certificate

  • Run the following command:

    ca -policy policy_anything -out $ServerCertFilename -config openssl.cnf -infiles $ServerRequestFilename

    For example:

    OpenSSL> ca -policy policy_anything -out server-cert.pem -config openssl.cnf -infiles server-req.pem

    For this example, the following dialog is received:

    Using configuration from openssl.cnf
    Loading 'screen' into random state - done
    Enter pass phrase for ./private/cakey.pem:
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName :PRINTABLE:'US'
    stateOrProvinceName :PRINTABLE:'CA'
    localityName :PRINTABLE:'Redwood Shores'
    organizationName :PRINTABLE:'Oracle'
    organizationalUnitName:PRINTABLE:'BI'
    commonName :PRINTABLE:'Server Certificate'
    Certificate is to be certified until Dec 29 07:06:45 2007 GMT (365 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

  • When prompted, enter the passphrase for the private key of the CA.

    This is the passphrase that was supplied when creating the private key cakey.pem in the topic Creating the Certificate Authority (CA) Certificate.

This command generates the server certificate named server-cert.pem. The private key of the CA was used to sign the request. The public key is generated and placed in $DIR\newcerts with a filename that reflects the serial number, for example, 01.pem.

The server certificate and private key are used by Oracle BI Cluster Controller, Oracle BI Server, Oracle BI Scheduler, Oracle BI Presentation Services and Oracle BI Presentation Services Plug-in (ISAPI) components.
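
A non-interactive check of the files this procedure produces, added here as an example and not part of the Oracle guide: it confirms that server-key.pem belongs to server-cert.pem, that the key meets a minimum size, and that the certificate chains to the CA certificate. The function names, demo.cnf, the cacert.pem file name, the subjects and the pass phrases are assumptions; make_demo_pki builds constructed test files with x509 -req in place of the interactive ca command.

```shell
#!/bin/sh
# Added example: post-issuance checks for server-key.pem / server-cert.pem.
# Helper names, demo.cnf and cacert.pem are assumptions, not from the guide.
cert_key_bits() {       # cert -> prints the public key size in bits
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeed only if encrypted private key $1 (pass phrase $2) belongs to cert $3.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin "pass:$2" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Succeed only if cert $1 verifies against CA certificate $2.
signed_by_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Return 0 if all checks pass, 1 on key mismatch, 2 on weak key, 3 on bad chain.
check_server_cert() {   # key passphrase cert cacert min_bits
    key_matches_cert "$1" "$2" "$3" || { echo "key/cert mismatch"; return 1; }
    bits=$(cert_key_bits "$3")
    [ "${bits:-0}" -ge "$5" ]       || { echo "weak key: $bits bits"; return 2; }
    signed_by_ca "$3" "$4"          || { echo "not signed by this CA"; return 3; }
    echo "ok: $bits-bit key matches certificate and chains to CA"
}

# Build a throwaway CA and server certificate in directory $1 (constructed
# demo data; 'x509 -req' stands in for the page's interactive 'ca' command).
make_demo_pki() {       # dir server_key_bits passphrase
    ( cd "$1" &&
      printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' >demo.cnf &&
      openssl req -x509 -config demo.cnf -newkey rsa:2048 -nodes -days 2 \
          -keyout cakey.pem -out cacert.pem -subj "/C=US/O=Example/CN=Demo CA" &&
      openssl req -new -config demo.cnf -newkey "rsa:$2" -passout "pass:$3" \
          -keyout server-key.pem -out server-req.pem \
          -subj "/C=US/O=Example/CN=Server Certificate" &&
      openssl x509 -req -in server-req.pem -CA cacert.pem -CAkey cakey.pem \
          -CAcreateserial -out server-cert.pem -days 1
    ) >/dev/null 2>&1
}
```

The key size of a request comes from default_bits in openssl.cnf; the dialog above shows 1024 bits, which check_server_cert reports as a weak key when min_bits is 2048.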

Oracle® Business Intelligence Enterprise Edition Deployment Guide Copyright © 2006, Oracle. All rights reserved.