Oracle® Application Server Certificate Authority Administrator's Guide 10g (9.0.4) Part Number B10663-01
Oracle Application Server Certificate Authority enables an organization to issue and manage digital certificates based on PKI (public key infrastructure) technology. With Oracle Application Server Certificate Authority's ease of administration and management, such certificates improve security and reduce the time and resources required for user authentication.
Oracle Application Server Certificate Authority (OCA) enables end-entities (users and servers) to authenticate themselves using certificates that OCA issues on the basis of SSO, SSL, or other pre-existing authentication methods. Using these certificates makes authentication faster and more secure, because the certificate itself identifies the entity. Each certificate is published to OID when it is issued and removed when it expires or is revoked. Users can access the OCA web interface to request issuance, revocation, or renewal of their own certificates. No special privilege is required for end-users to access the OCA web interface. However, certificate issuance, revocation, or renewal requires either prior authentication by SSO, SSL, or OCA or, in the absence of these, manual authentication by the OCA administrator.
This Oracle Application Server Certificate Authority Administrator's Guide explains how to perform administration and management of public key certificates.
This preface contains these topics:
This guide is intended for Oracle Application Server Certificate Authority administrators who will manage certificate requests and certificate-related operations.
Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Standards will continue to evolve over time, and Oracle Corporation is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For additional information, visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/
JAWS, a Windows screen reader, may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, JAWS may not always read a line of text that consists solely of a bracket or brace.
This documentation may contain links to Web sites of other companies or organizations that Oracle Corporation does not own or control. Oracle Corporation neither evaluates nor makes any representations regarding the accessibility of these Web sites.
The Oracle Application Server Certificate Authority (OCA) is a component of Oracle Identity Management, an integrated infrastructure that provides distributed security services for Oracle products and other enterprise applications. The Oracle Identity Management infrastructure includes the following components and capabilities:
In addition to its use of SSL, OC4J, and HTTP Server, Oracle Application Server Certificate Authority has a built-in reliance on SSO and OID. OCA publishes each valid certificate in an OID entry for the DN in use. SSO and other components can rely on these OID entries because OCA removes revoked and expired certificates from OID on a regular basis. Because that removal is periodic rather than immediate, an entry can still hold a certificate that has just expired or just been revoked; a relying component should therefore still check the certificate's validity dates and revocation status rather than treat its presence in OID as proof that it is valid. The administrator also has the option of configuring OCA to publish its URL through SSO. This configuration choice causes every SSO-authenticated user who lacks a certificate to see the OCA page for requesting one. OCA certificates can be used to authenticate to any Oracle component or to authorize use of any application that is SSO-enabled.
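The publish-then-prune bookkeeping described above, as an added illustration that is not OCA's or OID's own code: a small Go model of one directory entry per subject DN, a periodic clean-up that drops expired or revoked certificates, and a relying-party lookup that re-checks validity and revocation instead of trusting presence alone. The in-memory `Directory` type, the `Scenario` function and the self-signed test certificates are all assumptions constructed for the example; a real deployment stores certificates as LDAP attribute values and learns revocation from the CA, which this model reduces to a set of revoked serial numbers.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Directory stands in for the OID entries OCA writes to: one list of
// certificates per subject DN. (Assumption: the real store is LDAP; this
// map only models the bookkeeping, not the directory protocol.)
type Directory struct {
	entries map[string][]*x509.Certificate
}

func NewDirectory() *Directory {
	return &Directory{entries: map[string][]*x509.Certificate{}}
}

// Publish records a newly issued certificate under its subject DN.
func (d *Directory) Publish(cert *x509.Certificate) {
	dn := cert.Subject.String()
	d.entries[dn] = append(d.entries[dn], cert)
}

// Count returns how many certificates the raw entry holds, pruned or not.
func (d *Directory) Count(dn string) int { return len(d.entries[dn]) }

// usable reports whether a certificate is inside its validity window and
// its serial number is not in the revoked set.
func usable(cert *x509.Certificate, now time.Time, revoked map[string]bool) bool {
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return false
	}
	return !revoked[cert.SerialNumber.String()]
}

// Prune models the periodic clean-up: expired or revoked certificates are
// dropped from every entry. It returns the number removed.
func (d *Directory) Prune(now time.Time, revoked map[string]bool) int {
	removed := 0
	for dn, certs := range d.entries {
		kept := certs[:0]
		for _, c := range certs {
			if usable(c, now, revoked) {
				kept = append(kept, c)
			} else {
				removed++
			}
		}
		if len(kept) == 0 {
			delete(d.entries, dn)
		} else {
			d.entries[dn] = kept
		}
	}
	return removed
}

// Lookup is what a relying party should do between prune cycles: read the
// entry, then re-check validity and revocation before trusting anything in it.
func (d *Directory) Lookup(dn string, now time.Time, revoked map[string]bool) []*x509.Certificate {
	var out []*x509.Certificate
	for _, c := range d.entries[dn] {
		if usable(c, now, revoked) {
			out = append(out, c)
		}
	}
	return out
}

// makeCert builds a self-signed test certificate: constructed sample data,
// not a certificate issued by OCA.
func makeCert(cn string, serial int64, notBefore, notAfter time.Time) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn, Organization: []string{"Example"}},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// Scenario publishes a current, an expired and a revoked certificate for one
// DN, then reports: raw entry size, usable count before pruning, number
// pruned, and entry size after pruning.
func Scenario(now time.Time) (dn string, stored, usableNow, pruned, afterPrune int) {
	d := NewDirectory()
	current := makeCert("alice", 1, now.Add(-time.Hour), now.Add(24*time.Hour))
	expired := makeCert("alice", 2, now.Add(-48*time.Hour), now.Add(-time.Hour))
	revokedCert := makeCert("alice", 3, now.Add(-time.Hour), now.Add(24*time.Hour))
	for _, c := range []*x509.Certificate{current, expired, revokedCert} {
		d.Publish(c)
	}
	dn = current.Subject.String()
	revoked := map[string]bool{revokedCert.SerialNumber.String(): true}
	stored = d.Count(dn)
	usableNow = len(d.Lookup(dn, now, revoked))
	pruned = d.Prune(now, revoked)
	afterPrune = d.Count(dn)
	return dn, stored, usableNow, pruned, afterPrune
}

func main() {
	dn, stored, usableNow, pruned, afterPrune := Scenario(time.Now())
	fmt.Printf("%s: %d stored, %d usable, %d pruned, %d left\n", dn, stored, usableNow, pruned, afterPrune)
}
```

The point of the two code paths is that `Lookup` gives the right answer (one usable certificate) even before `Prune` has run; a consumer that only counted entries would have seen three.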
In a typical enterprise application deployment, a single Oracle Identity Management infrastructure is deployed, consisting of multiple server and component instances. Such a configuration provides benefits that include high availability, information localization, and delegated component administration. Each additional application deployed in the enterprise then leverages the shared infrastructure for identity management services. This deployment model has a number of advantages, including:
For more information about planning, deploying, and using the Oracle Identity Management infrastructure, see the Oracle Identity Management Administrator's Guide.
For the default deployment configuration of OCA, installation instructions appear in section 6.20 of the Oracle Application Server 10g Installation Guide. For the recommended deployment configuration and installation procedure, see section 11.9 of that Guide.
Each chapter in this document is described in the following table.

Chapter # | Chapter Reference | Description
---|---|---
1 | | Briefly describes public key infrastructure and its Oracle implementation
2 | Identity Management and OracleAS Certificate Authority Features | Describes the key features and interface (scalable, web-browser based) for administering industry-standard certificates, integrating with LDAP directories and Single Sign-On, and applying policies
3 | Introduction to OCA Administration and Certificate Management | Describes using the web administrator interface to accomplish OCA administration and certificate management
4 | | Describes the OCA user interface to request, renew, or revoke certificates
5 | Managing Policies in Oracle Application Server Certificate Authority | Describes how to manage or modify the policies delivered with OCA, and how to create and manage new ones, for handling requests to issue, renew, or revoke certificates. The administrator can modify policies using the web interface.
6 | OracleAS Certificate Authority Administration: Advanced Topics | Describes Oracle Application Server Certificate Authority's requirements and interactions with Oracle Application Server High Availability features and standard backup-and-recovery procedures
7 | End-User Interface of the Oracle Application Server Certificate Authority | Describes the web interface for end-users to request, acquire, renew, or revoke certificates
A | | Presents syntax and examples for all uses of the
B | | Describes how to acquire and import a subordinate certificate authority, which is a CA whose certificate is signed by a higher CA
C | | Presents workarounds and other suggestions for handling certain issues or error messages that can arise while installing, administering, or using Oracle Application Server Certificate Authority
D | | Describes the X.509 V3 and IETF PKIX standard extensions with which Oracle Application Server Certificate Authority is compliant
Many of the examples in this book use the sample schemas of the seed database, which is installed by default when you install Oracle. Refer to Oracle10i Sample Schemas for information on how these schemas were created and how you can use them yourself.
In North America, printed documentation is available for sale in the Oracle Store at
http://oraclestore.oracle.com/
Customers in Europe, the Middle East, and Africa (EMEA) can purchase documentation from
http://www.oraclebookshop.com/
Other customers can contact their Oracle representative to purchase printed documentation.
To download free release notes, installation documentation, white papers, or other collateral, please visit the Oracle Technology Network (OTN). You must register online before using OTN; registration is free and can be done at
http://technet.oracle.com/membership/index.htm
If you already have a username and password for OTN, then you can go directly to the documentation section of the OTN Web site at
http://technet.oracle.com/docs/index.htm
This section describes the conventions used in the text and code examples of this documentation set. It describes:
We use various conventions in text to help you more quickly identify special terms. The following table describes those conventions and provides examples of their use.
Code examples illustrate SQL, PL/SQL, SQL*Plus, or other command-line statements. They are displayed in a monospace (fixed-width) font and separated from normal text as shown in this example:
SELECT username FROM dba_users WHERE username = 'MIGRATE';
The following table describes typographic conventions used in code examples and provides examples of their use.
Copyright © 2002, 2003 Oracle Corporation. All Rights Reserved.