Go to main content

Oracle® ILOM Security Guide For Firmware Releases 3.x and 4.x

Exit Print View

Updated: May 2019
 
 

Validate Custom CA SSL Certificate Configuration in Java Client

After uploading a custom CA SSL Certificate and private key to Oracle ILOM, perform the following steps to verify that the Java client is properly configured to validate the custom CA SLL certificate and private key.

  1. Verify that the required root CA certificate or intermediate root CA certificate is configured in client side Java keystore. To view the Java keystore, use the keytool command with the -list option, for example:
    • On a Windows system, at the prompt, type:

      keytool -list -keystore "c:\Program Files (x86)\Java\jre<version>\lib\security\cacerts

    • On a Linux system, at the prompt, type:

      keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts

  2. Locate the alias and/or fingerprint of the root CA certificate or intermediate root CA certificate that is required by the custom CA certificate currently configured in Oracle ILOM, then perform one of the following:
    • If the required root CA Certificate or intermediate root CA certificate is present in the Java keystore, you can, at any time, proceed to start the Oracle ILOM remote KVMS console at any time.

    • If the required root CA Certificate or intermediate root CA certificate is missing in the Java keystore, consult with your security officer or system administrator prior to continuing this procedure to add the missing the CA certificate details to the Java keystore.

  3. Use the -importcert keytool command to add the missing root CA certificate or intermediate root CA certificate to the Java keystore. For example:
    • On a Windows system, at the prompt, type:


      Note -  The -importcert command needs to be run an administrator. To start a command prompt as an administrator on a Windows systems: Click Start, click All Programs, and then click Accessories. Right-click Command prompt, and then click Run as administrator.

      keytool -importcert -alias certalias -file root-ca-cert -keystore "c:\Program Files (x86)\Java\jre<version>\lib\security\cacerts"

    • On a Linux system, at the prompt, type:

      keytool -importcert -alias certalias -file root-ca-cert -keystore $JAVA_HOME/jre/lib/security/cacerts

  4. Verify that the required root CA certificate or intermediate root CA certificate is now available in the Java keystore using the keytool command with the -list and -alias options, for example:
    • On a Windows system, at the prompt, type:

      keytool -list -alias certalias -keystore "c:\Program Files (x86)\Java\jre<version>\lib\security\cacerts"

    • On a Linux system, at the prompt, type:

      keytool -list -alias certalias -keystore $JAVA_HOME/jre/lib/security/cacerts