Export Trust and Identity for Clients
You can provide the keys and certificates required to allow Oracle Analytics Server clients, for example, Model Administration Tool, to connect to SSL-enabled servers.
Assumptions:
-
You run commands from the primary host.
-
You can complete this operation online and offline.
Prerequisites
-
Certificates are created using either the configuration assistant or by running
./ssl.sh
regenerate command. -
SSL on WebLogic is enabled.
-
You can perform this task with the system stopped or running.
Use the following command to export client identity and trust to mydir:
./ssl.sh exportclientcerts mydir
Certificates and the zip file are generated.
Post conditions:
-
Mydir contains clientcerts.zip file.
-
Mydir also contains expanded content of the zip file for immediate use:
-
clientcert.pem
-
clientkey.pem
-
identity.jks
-
internaltrust.jks
-
internaltrust/internalca.pem
-
internaltrust/<hashed form of above>
-
-
Java clients can successfully connect with secure option verify server certificate set using
identity.jks
to define identity, and internaltrust.jks for their trust. -
OpenSSL clients such as the Model Administration Tool can successfully connect with secure option verify peer set using
clientcert.pem
andclientkey.pem
to define their identity, andinternalca.pem
as the trust file.