3.1 Create Identity Store with Self-Signed Certificates

This topic provides the information to create the identity store with self-signed certificates.

Self-signed certificates are acceptable for use in a testing or development environment. Oracle Financial Services does not recommend the use of self-signed certificates in a production environment.

To create a self-signed certificate, the genkeypair option provided by the keytool utility of Sun Java 6 needs to be utilized.

Create Self-Signed Certificate

Browse to the bin folder of JRE from the command prompt and type the following command. The items highlighted are placeholders, and should be replaced with suitable values when running the command.

keytool -genkeypair -alias alias -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -validity 365 -keystore keystore

Table 3-1 Keyword Description

Keyword	Description
alias	Used to identify the public and private key pair created. This alias is required later when configuring the SSL attributes for the managed servers in Oracle Weblogic Server.
keystore	It is used to specify the location of the JKS file. If no JKS file is present in the path provided, one will be created.

The command prompts for the following attributes of the certificate and keystore:

Table 3-2 Attributes Details

Attributes	Description
Keystore Password	Specify a password used to access the Keystore. This password needs to be specified later when configuring the identity store in Kafka server.
Key Password	Specify a password used to access the private key stored in the Keystore. This password needs to be specified later, when configuring the SSL attributes of the managed server(s) in Oracle Weblogic Server.
First and Last Name (CN)	Enter the domain name of the machine used to access Oracle Banking Virtual Account Management. For example, www.example.com.
Name of your Organizational Unit	The name of the department or unit making the request. For example, BDP. Use this field to further identify the SSL Certificate for creating. For example, by department or by physical server.
Name of your Organization	The name of the organization making the certificate request. For example, Oracle Financial Services. It is recommended to use the company or organization's formal name, and this name entered here must match the name found in official records.
Name of your City or Locality	The city in which your organization is physically located. For example, Mumbai.
Name of your State or Province	The state/province in which your organization is physically located. For example, Maharashtra.
Two-letter Country Code for this Unit	The country in which your organization is physically located. For example, US, UK, IN, etc.

The key generation algorithm has been specified as RSA, the key size as 1024 bits, the signature algorithm as SHA1withRSA,and the validity days as 365. These can be changed to suitable values if the need arises. For further details, please refer to the documentation of the keytool utility in the JDK utilized by Oracle WebLogic Server.

The sample execution command is listed below:

D:\Oracle\weblogic11g\jrockit_160_05_R27.6.2-20\bin>keytool -genkeypair -alias selfcert -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -validity 365 -keystore D:\keystores\AdminOBVAMKeyStore.jks
Enter keystore password: <Enter a password to protect the keystore>
Re-enter new password: <Confirm the password keyed above>
What is your first and last
  name? [Unknown]:
  cvrhp0729.oracle.com
What is the name of your organizational
  unit? [Unknown]: BPD
What is the name of your
  organization? [Unknown]: Oracle
  Financial Services
What is the name of your City or
  Locality? [Unknown]: Mumbai
What is the name of your State or Province?
  [Unknown]: Maharashtra
What is the two-letter country code for this
  unit? [Unknown]: IN
Is CN=cvrhp0729.i-flex.com, OU=BPD, O=Oracle Financial Services, L=Mumbai, ST=Maharashtra, C=IN correct?
  [no]: yes
Enter key password for <selfcert>
RETURN if same as keystore password): <Enter a password to protect the key>
Re-enter new password: <Confirm the password keyed above>