10.5 Certificates for ExaCLI

Security certificates allow the remote nodes to confirm their identity to ExaCLI.

All communication between ExaCLI and Management Server (MS) running on the remote node is over HTTPS. Management Server is deployed with a default self-signed security certificate for HTTPS access. Optionally, you can upload a different security certificate issued by a Certificate Authority (CA).

Trusted CA Certificates can be listed by running the following command on the machine where ExaCLI is run:

$JAVA_HOME/bin/keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass password

• Using the Default Self-Signed Certificate
  A security certificate must be signed by a trusted certificate authority (CA) for ExaCLI to accept it without a warning.
• Using a CA-Certified Security Certificate
  The Oracle Exadata Database Machine administrator can supply CA-certified security certificates, if they are needed for your environment.