User's Guide
User Certificates and Private Keys
The following sections describe how to work with certificates and private keys:
About user certificates and private keys
An application using network services through an OSA/Parlay gateway acts as an OSA/Parlay client towards the OSA/Parlay gateway. The OSA/Parlay client and the OSA/Parlay gateway's framework authenticate using user certificates and private keys.
When an application account is registered, an OSA/Parlay client for the application is created. This OSA/Parlay client imports the OSA/Parlay gateway's user certificate and provides its own user certificate to the OSA/Parlay gateway. Generating the OSA/Parlay client's user certificate and private key is part of creating the OSA/Parlay client.
About the certificate builder
The certificate builder is a tool for generating user certificates and private keys. It can be used stand-alone or through a Network Gatekeeper Management Tool; the same functions are provided in both cases. The stand-alone version of the certificate builder is shown in Figure 22-1.
Some fields in the certificate builder are used differently depending on what the user certificate and private key are generated for. The specific usage of each field is described in Table 22-3.
Table 22-3 Description of the Fields in the Certificate Builder

| Field | Description |
| --- | --- |
| Filename | Specifies the file names of the generated user certificate and private key pair. Example: if Filename is set to myApplication, your files will be named: |
| Domain ID | Enter the clientAppID (appID\entOpID) of the application's OSA/Parlay client. The clientAppID is provided by the OSA/Parlay gateway operator. |
| Country | The country in which BEA WebLogic Network Gatekeeper is located. |
| Province | The province or state in which BEA WebLogic Network Gatekeeper is located. |
| City | The city in which BEA WebLogic Network Gatekeeper is located. |
| Name | Contact person at your organization. |
| E-mail | The contact person's e-mail address. |
| Start date | The first date (YYYY-MM-DD) on which the certificate is valid. |
| End date | The last date (YYYY-MM-DD) on which the certificate is valid. |
| Path | The path to the directory where the user certificate and private key will be stored. Only existing directories can be specified. When a private key is imported from a directory, that directory must contain exactly two files: the private key and its user certificate. It is therefore recommended that you create a new directory for each private key and user certificate pair you generate. |
| Password | Defines the password that will be required when the private key is imported. Keep a note of the password; you will need it later. Note that this is the private key's password. When you import the private key into the keystore, you will also need the keystore's password, which is defined the first time you import a private key or user certificate into the keystore. |
Generating certificates and private keys
Follow the instructions below to generate a user certificate and private key pair.
If you perform the task through a Network Gatekeeper Management Tool, remember that the user certificate and private key will be stored on the server the Network Gatekeeper Management Tool is connected to, that is, the server where the SLEE runs.
Using the certificate builder stand-alone
- Start the certificate builder:
  - Go to the /usr/local/slee/bin/ directory.
  - Enter the command:
    ./runCertBuilder.sh
- Generate the user certificate and private key: click the Build button.
The user certificate and private key files are stored in the specified directory.
Using the certificate builder through a Network Gatekeeper Management Tool
- Start a Network Gatekeeper Management Tool and log in.
- Double-click the cert_builder service.
- Double-click the buildCertificate method.
The user certificate and private key files are stored in the specified directory.
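The following Python script is an added worked example and is not the certificate builder shipped with Network Gatekeeper. It performs the same job the builder's Build step does, driving the openssl command-line tool (assumed to be on PATH): it maps the Table 22-3 fields onto an X.509 subject, enforces the existing-directory rule of the Path field, encrypts the private key under the Password field, and checks the two-files-only rule the Path description imposes on import. Placing the Domain ID in OU and the contact Name in CN, the .key/.crt file suffixes, 2048-bit RSA and the sample field values are all assumptions; the page does not state the builder's actual file names or subject layout.

```python
"""Worked example, added here; not the certificate builder shipped with
Network Gatekeeper. Builds a self-signed user certificate and a
password-protected private key from the Table 22-3 fields by driving the
openssl command-line tool (assumed to be on PATH)."""
import datetime as dt
import os
import subprocess


def validity_days(start_date: str, end_date: str) -> int:
    """Turn the Start date and End date fields (YYYY-MM-DD) into the value
    for openssl's -days option, rejecting empty or reversed ranges."""
    start = dt.date.fromisoformat(start_date)
    end = dt.date.fromisoformat(end_date)
    if end <= start:
        raise ValueError("End date must be later than Start date")
    return (end - start).days


def subject_name(domain_id, country, province, city, name, email) -> str:
    """Build the -subj string. Putting the Domain ID (clientAppID) in OU and
    the contact Name in CN is an assumption; the page does not say how the
    builder lays out the subject."""
    parts = [("C", country), ("ST", province), ("L", city),
             ("OU", domain_id), ("CN", name), ("emailAddress", email)]
    # '\' escapes and '/' separates RDNs in -subj, so escape both inside values
    # (the clientAppID format appID\entOpID contains a backslash).
    return "".join("/%s=%s" % (k, v.replace("\\", "\\\\").replace("/", "\\/"))
                   for k, v in parts)


def build_certificate(fields: dict) -> tuple:
    """Write <Path>/<Filename>.key and <Path>/<Filename>.crt and return
    their paths. The .key/.crt suffixes and 2048-bit RSA are assumptions."""
    path = fields["path"]
    if not os.path.isdir(path):  # builder rule: only existing directories
        raise FileNotFoundError("Path must be an existing directory: " + path)
    key_file = os.path.join(path, fields["filename"] + ".key")
    cert_file = os.path.join(path, fields["filename"] + ".crt")
    secret = "pass:" + fields["password"]
    # Private key encrypted under the Password field (AES-256).
    subprocess.run(["openssl", "genrsa", "-aes256", "-passout", secret,
                    "-out", key_file, "2048"], check=True, capture_output=True)
    # Self-signed certificate. openssl req always stamps notBefore with the
    # current time, so only the length of the validity window (End - Start)
    # is carried over from the form, not the Start date itself.
    days = validity_days(fields["start_date"], fields["end_date"])
    subj = subject_name(fields["domain_id"], fields["country"], fields["province"],
                        fields["city"], fields["name"], fields["email"])
    subprocess.run(["openssl", "req", "-new", "-x509", "-key", key_file,
                    "-passin", secret, "-days", str(days), "-subj", subj,
                    "-out", cert_file], check=True, capture_output=True)
    return key_file, cert_file


def certificate_subject(cert_file: str) -> str:
    """Read the subject back with openssl x509 as a check on the result."""
    out = subprocess.run(["openssl", "x509", "-in", cert_file, "-noout", "-subject"],
                         check=True, capture_output=True, text=True)
    return out.stdout.strip()


def private_key_is_encrypted(key_file: str) -> bool:
    """True if the PEM on disk is password protected: both the legacy
    'Proc-Type: 4,ENCRYPTED' header and PKCS#8 'ENCRYPTED PRIVATE KEY' qualify."""
    with open(key_file) as fh:
        return "ENCRYPTED" in fh.read()


def import_directory_ok(path: str) -> bool:
    """The Path description requires exactly two files (private key and
    user certificate) in the directory a private key is imported from."""
    files = [f for f in os.listdir(path) if os.path.isfile(os.path.join(path, f))]
    return len(files) == 2


if __name__ == "__main__":
    import tempfile
    workdir = tempfile.mkdtemp()  # stands in for a fresh per-pair directory
    demo = {"filename": "myApplication", "domain_id": "myApp\\myEnterprise",
            "country": "SE", "province": "Stockholm", "city": "Stockholm",
            "name": "Jane Doe", "email": "jane.doe@example.com",
            "start_date": "2024-01-01", "end_date": "2025-01-01",
            "path": workdir, "password": "constructed-demo-password"}
    key, cert = build_certificate(demo)
    print(certificate_subject(cert))
    print("encrypted key:", private_key_is_encrypted(key),
          "import dir ok:", import_directory_ok(workdir))
```

Running the script writes the pair into a fresh temporary directory, which is the per-pair directory the Path description recommends; dropping any other file into that directory makes `import_directory_ok` return False, which is the condition under which the builder's import would fail.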