1. Administering Oracle Cloud Identity Management
  2. Managing OAuth Resources and Clients
  3. Importing an OAuth Certificate from a Key Pair

Importing an OAuth Certificate from a Key Pair

Import and associate an OAuth certificate with an OAuth client. This is mandatory for trusted clients and optional for untrusted clients.

The OAuth Administration page provides a helper function to generate and download a key pair, which contains a private key and the corresponding certificate. The key pair file is in the PKCS#12 format. PKCS #12 is one of the standards called Public-Key Cryptography Standards (PKCS) published by RSA Laboratories. The file name extension is usually .p12, but may have the older .pfx extension. You don’t have to use the helper function. You can generate the key pair by other means. (Some applications and operating systems include key pair generators.) If you’ve a certificate from another signing authority, there is no need to generate a key pair.
  1. From the OAuth Administration page, go to the Manage Certificates section, and then click Create Key Pair.
    The Generate Key Pair dialog box appears.
  2. Enter the appropriate information in the Subject DN and Key Store Password fields.
  3. Click Generate.
  4. After downloading the generated key pair, extract the private key and the corresponding certificate by using a tool such as the openssl command-line tool on Linux or UNIX, or the Certificate Import and Certificate Export wizards on Windows. For more information, see Extracting a Certificate by Using openssl and Extracting a Certificate by Using the Certificate Import and Certificate Export Wizards. The extracted file is a DER-encoded certificate. Distinguished Encoding Rules (DER) define a set of rules for encoding. The certificate file has the extension .cer.
  5. Extract the certificate from the key pair.
    The Import Certificate dialog box appears.
  6. To associate the certificate with a specific client, see Associating a Certificate with an OAuth Client.
Store the PKCS#12 format key pair securely and don’t share it. The OAuth client uses this key pair to sign OAuth protocol messages sent to the OAuth service in Oracle Cloud.