10.5 Certificates for ExaCLI

Security certificates allow the remote nodes to confirm their identity to ExaCLI.

All communication between ExaCLI and Management Server (MS) running on the remote node is over HTTPS. Management Server is deployed with a default self-signed security certificate for HTTPS access. Optionally, you can upload a different security certificate issued by a Certificate Authority (CA).

Trusted CA Certificates can be listed by running the following command on the machine where ExaCLI is run:

$JAVA_HOME/bin/keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass password

• Using a Self-Signed Certificate
  A security certificate must be signed by a trusted certificate authority (CA) for ExaCLI to accept it without a warning.
• Specifying a Security Certificate
  The Oracle Exadata administrator can specify new security certificates as required.