Bookshelf Home | Contents | Index | PDF     

Oracle® Business Intelligence Enterprise Edition Deployment Guide > Enabling Secure Communication in Oracle Business Intelligence > Creating Certificates and Keys >

Creating the Certificate Authority (CA) Certificate

To create the CA, follow the procedure below.

To create the CA

  • Create a Certificate Authority (CA) certificate by running the following command:

    req -new -x509 -keyout private/cakey.pem -out cacert.pem -config openssl.cnf -days $ValidityPeriod

    For example:

    OpenSSL> req -new -x509 -keyout private/cakey.pem -out cacert.pem -config openssl.cnf -days 365

    This example generates the following dialog:

    Loading 'screen' into random state - done
    Generating a 1024 bit RSA private key
    ..++++++
    .............................................++++++
    writing new private key to 'private/cakey.pem'
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----
    You are about to be asked to enter information that will be incorporated into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.

    -----
    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:
    Organization Name (eg, company) [Some-Organization Pty Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, YOUR name) []:
    Email Address []:

  • Make a note of the passphrase that you entered. This passphrase is used when signing a new request.
  • Enter a Distinguished Name as prompted. This DN identifies the Certificate Authority.

This generates a Certificate Authority (CA) certificate named cacert.pem. This certificate verifies the certificates signed by the private key. The validity period for the CA certificate generated in the above example is 365 days.

The cakey.pem file stores the private key and is generated in $DIR\private. This key is used to sign certificate requests.

  
Oracle® Business Intelligence Enterprise Edition Deployment Guide Copyright © 2006, Oracle. All rights reserved.