Deploying Certificates Used for Secure ICCP

The following sections outline steps to deploy certificates required to use Secure ICCP with Oracle Utilities Live Energy Connect. You must follow these steps in order.

On this page:

Deploy the Local Oracle Utilities Live Energy Connect Server’s SSL/TSL Certificates

Copy this certificate to the \Private\ folder of the Stunnel installation location and save it as Private.pem. Typically, the full file path for this directory is: C:\ProgramFiles\LiveEnergyConnect\stunnel\config\Private\.

Note: The first time you use deploy certificates for Secure ICCP you need to create the \Private\ sub-directory.

Deploy the Remote ICCP Peers’ Public SSL/TLS Certificate(s) and Associated CA Certificates

  1. Obtain a copy(s) of the public certificate(s) for the remote ICCP peer or peers in PEM format.
  2. Use OpenSSL or a similar tool to get the secure hash for each remote server’s public certificate. For example, if the remote server’s public certificate is called BSideSSLPublic.pem, use the command: openssl x509 -inform PEM -in BSideSSLPublic.pem -noout -hash
  3. Using the generated hash value as part of the destination file name, copy each ICCP peer certificate to the \Public\ folder of the Stunnel installation location.
  4. Save the certificate in this directory as <the returned hash value>.0. For example, if the returned hash value from the command above was 36af25a7, save the copy of the remote server’s public certificate as C:\Program Files\LiveEnergyConnect\stunnel\config\Public\36af25a7.0.
  5. Repeat steps 1-4 for the public CA certificate that is used to sign each remote SSL certificate.

Note: If the same CA is used to sign multiple SSL certificates, then you only need to do this once for that CA certificate.

The following diagram outlines the SSL/TLS certificate deployment procedures:

Diagram showing how to deploy ICCP 1

Back to Top

Deploy the Local VCC(s) ACSE Certificates

  1. Obtain the private ACSE certificate for the local VCC(s) in PEM format. The certificate must be a private certificate with the RSA key embedded, and with RSA password removed.
  2. In the installation directory, under the Server directory, create a certificates directory. Typically, this folder’s path will be C:\Program Files\LiveEnergyConnect\Server\certificates.
  3. For each local VCC, create a folder under C:\Program Files\LiveEnergyConnect\Server\certificates named for the local VCC. The name of this folder must exactly match the name of the local VCC . For example, if your local VCC was named VCC_A, then this folder’s path would be: C:\Program Files\LiveEnergyConnect\Server\certificates\VCC_A.
  4. Copy the ACSE certificate to the local VCC folder you created in step 3 as Private.cer.
  5. Use OpenSSL or similar procedure to create a public copy of the ACSE certificate in DER format, and copy to the local VCC folder you created in step 3 as Public.der. For example: openssl x509 -outform der -in ASideACSEPublic.pem -out Public.der

Back to Top

Deploy the Remote VCC(s) Public ACSE Certificate(s) and Associated CA Certificate(s)

  1. Obtain a copy of the public ACSE certificate(s) for each remote peer VCC, and a copy of the CA certificate(s) used to sign them in PEM format.
  2. For each remote VCC, create a folder under the C:\Program Files\LiveEnergyConnect\Server\certificates directory named for that remote VCC. The name of this folder must exactly match the name of the remote VCC. For example, if the remote VCC was named VCC_B in the server, the folder’s path would be: C:\Program Files\LiveEnergyConnect\Server\certificates\VCC_B.
  3. Copy the public ACSE certificates for the remote VCC to the folder you created in step 2. In this step, the file name is not important, but the file must have a .pem or.cer file extension.
  4. Copy the CA certificate used to sign the remotes VCC’s public certificate to the folder you created in step 2 as CA_certificate.cer.

The following diagram summarizes the ACSE certificate deployment procedures:

Diagram of the ACSE certificate deployment procedures

Refer to Configuring Live Energy Connect for Secure ICCP for more information about using Secure ICCP with Live Energy Connect.

Note: If you have any trouble with the procedures outlined above, contact My Oracle Support.

Back to Top