Oracle® Retail POS Suite Security Guide
Release 14.1
E54480-01

E Appendix: SSL Server Certificates

This appendix demonstrates one of many possible methods for generating and installing SSL server certificates. It is recommended that you generate and install certificates in the manner that best meets your needs.

This appendix shows an example using the Keytool utility, which is located in the $JAVA_HOME/bin directory.

KeyTool Utility Example

To generate and install SSL server certificates:

  1. Create a certificate Key Store and private key:

    1. Run the following command:

      keytool -genkey -alias <your_alias_name> -keyalg RSA -keystore <your_keystore_filename> -keysize 2048
      
    2. When prompted, enter and reenter the password.


      Note:

      Do not use the default password of changeit. The password you choose should also be specified in the server.xml configuration file.

    3. When prompted, enter the x.509 attributes of the certificate. Respond to the prompts as appropriate for your organization. The following shows an example of possible values for these attributes:

      /CN=www.example.com
      /OU=Example Org Unit
      /O=Example Org
      /C=US
      /ST=Texas
      /L=Austin
      
    4. When prompted, enter the password for the private key alias and press Enter. The private key password is set to the same password used for the Key Store.


      Note:

      Be sure to note the private key and Key Store password. If lost, these cannot be retrieved.

    A Key Store is created in the location specified in <your_keystore_filename>, and a private key is stored in it under the alias <your_alias_name>.

  2. To generate a Certificate Signing Request (CSR), run the following command:

    keytool -certreq -keyalg RSA -alias <your_alias_name> -file certreq.csr -keystore <your_keystore_filename>
    

    A CSR is created, using the private key specified by <your_alias_name> and the Key Store specified by <your_keystore_filename>.

  3. Once the CSR is saved in a file, send it to the Certificate Authority of your choice. You can get a trial certificate from the following web site:

    https://www.thawte.com

  4. Merge the new certificate with the Signing Authority's CA certificate:

    1. Open the new SSL certificate in a text editor, such as Microsoft Notepad. The following example shows how the file should look:

      -----BEGIN CERTIFICATE-----
               [encoded data]
      -----END CERTIFICATE-----
      
    2. Open the CA certificate in the same text editor used in the previous step. Copy the CA certificate and paste it immediately after the new certificate. The following example shows how the file should look:

      -----BEGIN CERTIFICATE-----
               (Your SSL Certificate)
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
               (CA certificate)
      -----END CERTIFICATE-----
      
    3. Save the file using a name such as myCert.pem.

  5. Install the SSL Certificate. Using the Java keytool command line utility, import the PEM file you created in the previous step:

    keytool -import -alias <your_alias_name> -keystore <your_keystore_filename> -file myCert.pem
    

    This command imports the certificate into the Key Store specified in <your_keystore_filename>.

  6. Configure the Identity and Trust stores for your web server or application server. Your server must be configured to use the Key Store generated using the previous steps. For instructions on how to do this for your server, see the documentation for the server.
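
The hand-merged file from step 4 is the part of this procedure most likely to go wrong, so the following added example (not part of the Oracle guide) lints its structure before the import in step 5: well-formed markers, at least two certificate blocks, no private key or stray text. The function names check_pem_bundle and make_samples, the sample file names, and the base64 bodies are constructed for illustration. It checks structure only, not that the CA actually issued the server certificate.

```shell
#!/bin/sh
# Added example: structural lint for the merged PEM file built in step 4.
# check_pem_bundle FILE -> exit status 0 if FILE is "server cert, then CA cert(s)".
check_pem_bundle() {
    awk '
        { sub(/\r$/, "") }                      # accept CRLF files saved on Windows
        /^-----BEGIN CERTIFICATE-----$/ {
            if (inside) { print "line " NR ": BEGIN inside an open block"; bad = 1 }
            inside = 1; body = 0; next
        }
        /^-----END CERTIFICATE-----$/ {
            if (!inside)    { print "line " NR ": END without BEGIN"; bad = 1 }
            else if (!body) { print "line " NR ": empty certificate block"; bad = 1 }
            else blocks++
            inside = 0; next
        }
        /PRIVATE KEY-----/  { print "line " NR ": private key pasted into bundle"; bad = 1; next }
        /-----(BEGIN|END) / { print "line " NR ": malformed or fused marker"; bad = 1; next }
        inside {
            if ($0 !~ "^[A-Za-z0-9+/=]+$") { print "line " NR ": non-base64 text"; bad = 1 }
            body++; next
        }
        /[^ \t]/ { print "line " NR ": stray text outside a block"; bad = 1 }
        END {
            if (inside)     { print "unterminated block at end of file"; bad = 1 }
            if (blocks < 2) { print "need server + CA certificate, found " (blocks + 0); bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1" >&2
}

# Constructed sample bundles; the base64 bodies are placeholders, not real certificates.
make_samples() {
    b='-----BEGIN CERTIFICATE-----'; e='-----END CERTIFICATE-----'
    printf '%s\n' "$b" 'U0VSVkVSLVBMQUNFSE9MREVS' "$e" "$b" 'Q0EtUExBQ0VIT0xERVI=' "$e" > "$1/good.pem"
    # END and BEGIN fused on one line: a common copy-and-paste mistake
    printf '%s\n' "$b" 'U0VSVkVSLVBMQUNFSE9MREVS' "$e$b" 'Q0EtUExBQ0VIT0xERVI=' "$e" > "$1/fused.pem"
    # CA certificate never appended
    printf '%s\n' "$b" 'U0VSVkVSLVBMQUNFSE9MREVS' "$e" > "$1/single.pem"
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir"
for f in good fused single; do
    if check_pem_bundle "$demo_dir/$f.pem"; then echo "$f.pem: ok"; else echo "$f.pem: rejected"; fi
done
rm -rf "$demo_dir"
```

Run check_pem_bundle myCert.pem before the keytool -import command in step 5; diagnostics go to standard error and a non-zero exit status means the file should be fixed first.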