3.1 Create Identity Store with Self-Signed Certificates
Self-signed certificates are acceptable for use in a testing or development environment. Oracle Financial Services Software Limited does not recommend the use of self-signed certificates in a production environment.
You can create the self-signed certificate using the command. For
creating a self-signed certificate, the genkeypair
option provided
by the keytool
utility of Sun Java 6 needs to be utilized.
To create a self-signed certificate:
Browse to the bin folder of JRE from the command prompt and type the following command.
keytool -genkeypair -alias alias -keyalg RSA
-keysize 1024 -sigalg SHA1withRSA -validity 365 -keystore
keystore
Note:
The items highlighted in bold are placeholders and should be replaced with suitable values when running the command.Table 3-1 Description of Placeholders and Attributes
Placeholder/Attribute | Description |
---|---|
|
|
|
|
Keystore Password |
Specify a password that will be used to access the keystore. This password needs to be specified later when configuring the identity store in Oracle Weblogic Server. |
Key Password |
Specify a password that will be used to access the private key stored in the keystore. This password needs to be specified later when configuring the SSL attributes of the managed server(s) in the Oracle Weblogic Server. |
First and Last Name (CN) |
Enter the domain name of the machine used to access Oracle Banking Branch, for instance, www.example.com |
Name of your Organizational Unit |
The name of the department or unit making the request, for example, BPD. Use this field to further identify the SSL Certificate you are creating, for example, by department or by the physical server. |
Name of your Organization |
The name of the organization making the certificate request, for example, Oracle Financial Services Software Limited. It is recommended to use the company or organization's formal name, and this name entered here must match the name found in official records. |
Name of your City or Locality |
The city in which your organization is physically located, for example, Mumbai. |
Name of your State or Province |
The state/province in which your organization is physically located, for example, Maharashtra. |
Two-Letter Country Code for this Unit |
The country in which your organization is physically located, for example, US, UK, IN, etc. |
Note:
The key generation algorithm has been specified as RSA, and the key size as 1024 bits, the signature algorithm as SHA1withRSA, and the validity days as 365. These can be changed to suitable values if the need arises. For further details, please refer to the documentation of the keytool utility in the JDK utilized by the Oracle Weblogic Server.For example:
The result of a sample execution of the command is listed below:
D:\Oracle\weblogic11g\jrockit_160_05_R27.6.2-20\bin>keytool -
genkeypair -alias selfcert -keyalg RSA -keysize 1024 -sigalg SHA1withRSA
-validity 365 -keystore D:\keystores\AdminOBREMOKeyStore.jks
Enter keystore password:<Enter a password to protect the
keystore>
Re-enter new password:<Confirm the password keyed
above>
What is your first and last name?
[Unknown]: cvrhp0729.oracle.com
What is the name of your organizational unit?
[Unknown]: BPD
What is the name of your organization?
[Unknown]: Oracle Financial Services Software
Limited
What is the name of your City or Locality?
[Unknown]: Mumbai
What is the name of your State or Province?
[Unknown]: Maharashtra
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=cvrhp0729.oracle.com, OU=BPD, O=Oracle Financial Services,
L=Mumbai, ST=Maharashtra, C=IN correct?
[no]: yes
Enter key password for <selfcert>
(RETURN if same as keystore password):<Enter a password to
protect the key>
Re-enter new password:<Confirm the password keyed
above>
Parent topic: Obtaining the Identity Store