
User's Guide


User Certificates and Private Keys

The following sections describe how to work with certificates and private keys:

 


About user certificates and private keys

An application using network services through an OSA/Parlay gateway acts as an OSA/Parlay client towards the OSA/Parlay gateway. The OSA/Parlay client and the OSA/Parlay gateway's framework authenticate using user certificates and private keys.

When an application account is registered, an OSA/Parlay client for the application is created. This OSA/Parlay client imports the OSA/Parlay gateway's user certificate and provides its user certificate to the OSA/Parlay gateway. A part of creating the OSA/Parlay client is to generate the OSA/Parlay client's user certificate and private key.

 


About the certificate builder

The certificate builder is a tool for generating user certificates and private keys. It can be used either stand-alone or through a Network Gatekeeper Management Tool. The same functions are provided in both cases. The stand-alone version of the certificate builder is shown in Figure 22-1.


 

Some fields in the certificate builder are used differently depending on the function the user certificate and private key are generated for. The specific usage of each field is described in Table 22-3.

Table 22-3 Description of the Fields in the Certificate Builder

| Field | Description |
| --- | --- |
| Filename | Specifies the file names of the generated user certificate and private key pair. Example: if Filename is set to myApplication, your files will be named myApplication.key (the private key) and myApplication.der (the user certificate). |
| Domain ID | Enter the clientAppID (appID\entOpID) related to the application's OSA/Parlay client. The clientAppID is provided by the OSA/Parlay gateway operator. |
| Country | The country BEA WebLogic Network Gatekeeper is located in. |
| Province | The province or state BEA WebLogic Network Gatekeeper is located in. |
| City | The city BEA WebLogic Network Gatekeeper is located in. |
| Name | Contact person at your organization. |
| E-mail | The contact person's e-mail address. |
| Start date | The first date (YYYY-MM-DD) the certificate will be valid. |
| End date | The last date (YYYY-MM-DD) the certificate will be valid. |
| Path | The path to the directory where the user certificate and private key will be stored. Only existing directories can be specified. When importing a private key from a directory, there must be only two files in the directory: the private key and its user certificate. Therefore, it is recommended that you create a new directory for each pair of private key and user certificate you create. |
| Password | Defines a password that will be needed when importing the private key. Keep a note of the password; you will need it later. Note that this is the private key's password. When you import the private key into the keystore, you will also need the keystore's password. The keystore's password is defined the first time you import a private key or user certificate into the keystore. |

 


Generating certificates and private keys

Follow the instructions below to generate a user certificate and private key pair.

If you perform the task through a Network Gatekeeper Management Tool, remember that the user certificate and private key will be stored on the server the Network Gatekeeper Management Tool is connected to, that is, the server where the SLEE runs.

Using the certificate builder stand-alone

  1. Start the certificate builder.
    1. Open a command window.
  2. Go to the /usr/local/slee/bin/ directory.
  3. Start the certificate builder. Enter command: ./runCertBuilder.sh
  4. Enter the user certificate and private key data according to Table 22-3.
  5. Generate the user certificate and private key. Click the Build button.
  6. The user certificate and private key files are stored in the specified directory.

Using the certificate builder through a Network Gatekeeper Management Tool

  1. Start a Network Gatekeeper Management Tool and log in.
  2. Select any SLEE.
  3. Double-click the cert_builder service.
  4. Double-click the buildCertificate method.
  5. Enter the user certificate and private key data according to Table 22-3.
  6. Click Invoke.
  7. The user certificate and private key files are stored in the specified directory.
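
The Path field requires that a directory hold only the private key and its user certificate when the key is imported. The shell function below checks a generated directory against that rule before import; it is an added example, not part of the original guide or the product. The function name check_keypair_dir and the owner-only permission check on the key file are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not from the guide): pre-import check of a directory
# written by the certificate builder.
# Usage: check_keypair_dir /path/to/keypair-directory

check_keypair_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "FAIL: $dir is not an existing directory"; return 1; }
    rc=0

    # Exactly two entries (hidden files included): the key and its certificate.
    count=$(( $(ls -A "$dir" | wc -l) ))
    if [ "$count" -ne 2 ]; then
        echo "FAIL: $dir holds $count entries, expected 2"
        rc=1
    fi

    # Locate the private key; the certificate must share its base name
    # (Filename.key and Filename.der, as in the Filename field description).
    key=
    for f in "$dir"/*.key; do
        if [ -f "$f" ]; then key=$f; fi
    done
    if [ -z "$key" ]; then
        echo "FAIL: no .key file in $dir"
        return 1
    fi
    if [ ! -f "${key%.key}.der" ]; then
        echo "FAIL: no certificate ${key%.key}.der next to $key"
        rc=1
    fi

    # Assumption added here: the private key should be accessible by its
    # owner only. Characters 5-10 of the mode string are group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible by group or others ($perms)"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $dir is ready for import"; fi
    return "$rc"
}

# Run the check when a directory is given on the command line.
if [ "$#" -gt 0 ]; then check_keypair_dir "$1"; fi
```

Run it on the server where the files were written, which is the SLEE host when the certificate builder was invoked through the management tool.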

 
