The Java utility
generateSSLCertificates
creates certificates that support
secure two-way SSL communication between Oracle Commerce components on
different machines in a distributed environment. For example, the certificates
can support secure communication between a web application deployed on one
server and an MDEX Engine (Dgraph) deployed on a different server, or between a
Workbench deployed on one server and an EAC Central Server.
The
generateSSLCertificates
utility is based on
OpenSSL
, an open source implementation of the SSL
protocol. Before upgrading to a newer version of
OpenSSL
, verify that the newer version of OpenSSL is
compatible with the versions of Platform Services (Forge and Logserver) and
Dgraph (MDEX) that are using your current version of
OpenSSL
.
Note
The
generateSSLCertificates
utility is intended for use
primarily during the authoring and testing phases of application development.
When you have completed initial testing, purchase certificates from a
certificate authority and use those in your authoring and production
environments. Because it is written in Java, it can be used on Linux,
Solaris, and Windows platforms.
To support secure communication among Guided Search components,
generateSSLCertificates
creates a Public Key
Infrastructure that comprises:
Pairs of public keys and private keys for each server in the distributed environment.
Self-signed CA root certificates for use in testing environments. (In production environments,
generateSSLCertificates
can use the customer's existing CA root certificates.)Host certificates containing host names for server verification.
Certificates in PEM, pkcs12, and JKS formats. (Certificates in PEM format are used by components that use openssl; certificates in PKCS12 format are used by Internet browsers, and certificates in JKS are used by Java programs.)
CA root certificates expire after 3600 days; host certificates expire after 1095 days.
The Public Key Infrastructure created by
generateSSLCertificates
adheres to the X509 standard for
public keys and certificates.