Configure a Certificate Record

Use the certificate-record object to add a certificate record to the Oracle® Enterprise Session Border Controller (E-SBC). The certificate record configuration represents either the end-entity or the Certificate Authority (CA) certificate on the E-SBC.

When you configure a certificate for the E-SBC, the name that you enter must be the same as the name that you use when you generate a certificate request. If configuring for an end stations CA certificate for mutual authentication, the certificate name must be the same name used during the import procedure.

  • If this certificate record is used to present an end-entity certificate, associate a private key with this certificate record by using a certificate request.
  • If this certificate record is created to hold a CA certificate or certificate in PKCS12 format, a private key is not required.
  1. Access the certificate-record configuration element.
    ORACLE# configure terminal
    ORACLE(configure)# security
    ORACLE(security)# certificate record
    ORACLE(certificate-record)# 
  2. Do the following:

    name—Enter the name of the certificate record. Required.

    country—Enter the name of the country. Default: U.S.

    state—Enter the name of the state of for the country. Default: MA.

    locality—Enter the name of the locality for the state. Default: Burlington.

    organization—Enter the name of the organization holding the certificate. Default: Engineering.

    unit—Enter the name of the unit for the holding the certificate within the organization.

    common-name—Enter the common name for the certificate record.

    key-size—Enter the size of the key for the certificate. Default:1024 Valid values: 512 | 2048 | 4096.

    alternate-name—Enter the alternate name of the certificate holder.

    key-usage-list—Enter the usage extensions you want to use with this certificate record. This parameter can be configured with multiple values, and it defaults to the combination of digitalSignature and keyEncipherment. For a list of possible values and their descriptions, see "Key Usage Control."

    extended-key-usage-list—Enter the extended key usage extensions you want to use with this certificate record. Default: serverAuth. For a list of possible values and their descriptions, see "Key Usage Control."

  3. Type done to save your configuration.

To verify a certificate record, see "Security" in the ACLI Configuration Guide.