Installing certificates for signing web service authorizations and deployment packages

Note:

When creating a private key for the Oracle Central Designer certificate, allow for all key usage purposes, such as digital signature, key encipherment, and data encipherment. If you do not do this, the Job Scheduler issues a Bad key error when it starts, and the same error appears in Oracle Central Designer when accessing objects.
You must install a certificate for each of the following purposes:
  • Signing the web service authorizations.
  • Signing deployment packages and Oracle InForm web service authorizations on the Oracle Central Designer server.

Oracle recommends using certificates issued by trusted commercial Certificate Authorities.

Install certificates to the LOCAL_MACHINE\MY store. Each certificate in the certification path must be 2048 bytes. For more information about converting existing certificates, see the Microsoft support website.

For each certificate:
  1. Open a command prompt window.
  2. Run the following command:
    certutil -f -importpfx -csp "Microsoft Enhanced RSA and AES Cryptographic Provider" <full path to the pfx file> NoExport
  3. Enter the password for the PFX file, and press Enter.

The Oracle Central Designer installation process grants the IIS AppPool\DefaultAppPool user and the NETWORK SERVICE user Full Control over the certificate private keys.

If a user other than the IIS AppPool\DefaultAppPool user is running the DefaultAppPool application pool, you must grant the user Full Control to access the private keys, or the user is unable to sign using the certificates.

To grant a user other than IIS AppPool\DefaultAppPool Full Control to the private keys, for each certificate:
  1. Select Start, enter mmc, and press Enter.

    The Microsoft Management Console appears.

  2. Select File > Add/Remove Snap-in.

    The Add or Remove Snap-ins dialog box appears.

  3. In the list of available snap-ins, select Certificates.
  4. Click Add.

    The Add dialog box appears.

  5. Click Computer account.
  6. Click Next.
  7. Click Local Computer.
  8. Click Finish.
  9. Click OK.
  10. In the left pane of the console, select Certificates (Local Computer) > Personal > Certificates.
  11. Right-click the certificate and select All Tasks > Manage Private Keys.
  12. Click Add > Locations, and then select the computer name.
  13. Click Advanced > Find Now, select the user, and grant them Full Control.

    If the user does not appear in the search results, type the user name in the Select Users or Groups dialog box.

  14. Click OK.
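
The following check is an added example, not part of the Oracle documentation: after the import and permission steps above, it reports for each certificate whether the key usage covers the three purposes named in the note, whether the NoExport import left the key non-exportable, and which identities hold Full Control on the private key. It assumes Windows PowerShell 5.1 in an elevated session and CSP-backed RSA keys (as produced by the certutil command above); the thumbprints and $Identity are placeholders to replace with your own values.

```powershell
# Added example: audit signing certificates in LOCAL_MACHINE\MY after import.
# Placeholders: replace the thumbprints and, if another account runs the app pool, $Identity.
$Thumbprints = @('<THUMBPRINT-1>', '<THUMBPRINT-2>')
$Identity    = 'IIS AppPool\DefaultAppPool'
$KeyDir      = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
$Needed      = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]'DigitalSignature, KeyEncipherment, DataEncipherment'
$FullControl = [System.Security.AccessControl.FileSystemRights]::FullControl

foreach ($tp in $Thumbprints) {
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$tp" -ErrorAction SilentlyContinue
    if (-not $cert) { Write-Warning "$tp not found in LocalMachine\My"; continue }
    if (-not $cert.HasPrivateKey) { Write-Warning "$tp has no private key"; continue }

    # A certificate without a Key Usage extension is unrestricted, so that also passes.
    $ku = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $usageOk = (-not $ku) -or $ku.KeyUsages.HasFlag($Needed)

    # CspKeyContainerInfo is only available for CSP keys; CNG keys are skipped.
    try { $csp = $cert.PrivateKey.CspKeyContainerInfo } catch { $csp = $null }
    if (-not $csp) { Write-Warning "$tp is not a CSP key; ACL check skipped"; continue }

    # Machine key files carry the ACL that the Manage Private Keys dialog edits.
    $acl  = Get-Acl -Path (Join-Path $KeyDir $csp.UniqueKeyContainerName)
    $full = @($acl.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.FileSystemRights.HasFlag($FullControl) } |
        ForEach-Object { $_.IdentityReference.Value })

    [pscustomobject]@{
        Subject                = $cert.Subject
        Thumbprint             = $cert.Thumbprint
        KeySize                = $cert.PublicKey.Key.KeySize   # as reported by .NET
        KeyUsageOk             = $usageOk
        Exportable             = $csp.Exportable               # expected False after NoExport
        IdentityHasFullControl = $full -contains $Identity
        FullControlHolders     = $full -join '; '
    }
}
```

Review FullControlHolders for accounts beyond the ones the installation or the procedure above is expected to add; any identity listed there can sign with the certificate.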