Switching Oracle FPP Client to a New Custom Certificate

You can switch the Oracle FPP Client to use a new custom security certificate to replace self-signed certificate or update expired certificate.

1. Perform a sanity check from the Oracle FPP Client to ensure that the client can connect to the server.

   $ rhpctl query server

2. Generate a P12 file from the security certificate that you want to use for the Oracle FPP Client configuration.

   $ openssl pkcs12 -export -inkey ${SERVER_KEY} -passin pass:${PASS} -in ${SERVER_CRT} 
   -name orakey -certfile ${CA_CRT} -caname cakey -out ${P12_FILE} -password pass:${P12_PASS}

3. Configure Oracle FPP Client to use the new custom certificate from the generated P12 file and provide a name for this certificate.

   $ srvctl stop rhpclient
   # srvctl modify rhpserver -p12certpath P12_file_path -certname cert_name

4. Configure the Oracle FPP Client to store Oracle FPP Server's public key along with the new custom certificate.
   1. On the Oracle FPP Server, export credentials from the Oracle FPP Server to a client data file and copy the generated credential file securely to the Oracle FPP Client cluster..

      $ rhpctl export client -client cluster_name -clientdata file_path

   2. On the Oracle FPP Client, update the public security key of the Oracle FPP Server..

      # srvctl modify rhpclient -clientdata file_path
      $ srvctl start rhpclient

      This command updates Oracle FPP Client's public key on the Oracle FPP Server.
5. Perform a sanity check from the Oracle FPP Client to ensure that the client can connect to the server.

   $ rhpctl query server

6. If you want to configure custom security certificate on other Oracle FPP Clients, then repeat steps 1 through 5 on those Oracle FPP Client cluster nodes.