4.2.8.3 Adding the OAM Certificate to the Truststore

If you access your OAM server via HTTPS, you must add the OAM certificate to the truststore in order to establish trust between OAA and OAM.

For the purposes of this documentation, the OAM certificate refers to the certificate used when accessing OAM. For example, if you access OAM via an HTTPS Load Balancer URL, then the OAM certificate refers to the certificate of the load balancer.

In order to import the OAM certificate to the truststore, you will need the OAM server certificate in PEM format, for example oam.pem.

This documentation does not explain how to get the OAM certificate, but if you access OAM via Firefox or Chrome then you can export it from the browser.

The following steps show how to import the certificate into the truststore:
  1. Navigate to the $WORKDIR where you created your OAA certificates and keystores, and copy the OAM server certificate oam.pem across. For example:
    cd $WORKDIR/oaa_ssl
    cp <PATH>/oam.pem .
  2. If the OAM certificate is not in PEM format (for example, it is in DER format as oam.der), convert it using the following command:
    openssl x509 -inform der -in oam.der -out oam.pem
  3. Export the existing Certificate Authority certificates from the truststore trust.p12 to a certificate bundle:
    openssl pkcs12 -in trust.p12 -out bundle_export.pem -cacerts -nokeys -passin pass:<password>
  4. Copy the OAM certificate into the certificate bundle:
    cat oam.pem bundle_export.pem > bundle_oam.pem
  5. Create a new trust store from the certificate bundle:
    openssl pkcs12 -export -in bundle_oam.pem -nokeys -out trust_new.p12 -passout pass:<password>
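
A check worth running after step 5, as an added example that is not part of the original documentation: it repeats steps 3 to 5 on constructed certificates in a temporary directory and confirms by SHA-256 fingerprint that trust_new.p12 holds both the OAM certificate and the certificates that were already trusted. The helper names (cert_fp, store_fps, store_has_cert, make_demo), the TS_PASS variable and the existing_ca/oam test certificates are assumptions; the password is read through openssl's env: source rather than pass:<password> so that it does not appear on the command line.

```shell
#!/bin/sh
# Added example. All certificates and the password are constructed stand-ins.
set -eu

cert_fp() {          # SHA-256 fingerprint of the PEM certificate $1
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

store_fps() {        # fingerprint of every certificate in PKCS#12 store $1
  openssl pkcs12 -in "$1" -nokeys -passin env:TS_PASS 2>/dev/null |
  awk '/BEGIN CERTIFICATE/ { c = 1; b = "" }
       c                   { b = b $0 "\n" }
       /END CERTIFICATE/   { c = 0; cmd = "openssl x509 -noout -fingerprint -sha256"
                             printf "%s", b | cmd; close(cmd) }' |
  cut -d= -f2
}

store_has_cert() {   # succeeds if PEM certificate $2 is in store $1
  store_fps "$1" | grep -qxF "$(cert_fp "$2")"
}

make_demo() {        # steps 3-5 of the procedure, run on constructed inputs
  cd "$(mktemp -d)"
  for n in existing_ca oam; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n.example" \
      -keyout "$n.key" -out "$n.pem" 2>/dev/null
  done
  openssl pkcs12 -export -in existing_ca.pem -nokeys -out trust.p12 -passout env:TS_PASS
  openssl pkcs12 -in trust.p12 -out bundle_export.pem -cacerts -nokeys -passin env:TS_PASS
  cat oam.pem bundle_export.pem > bundle_oam.pem
  openssl pkcs12 -export -in bundle_oam.pem -nokeys -out trust_new.p12 -passout env:TS_PASS
}

export TS_PASS='constructed-demo-passphrase'   # constructed value, not a real password
make_demo
echo "oam.pem SHA-256: $(cert_fp oam.pem)"
store_has_cert trust_new.p12 oam.pem         && echo "OAM certificate present"
store_has_cert trust_new.p12 existing_ca.pem && echo "existing CA still present"
echo "certificates in trust_new.p12: $(store_fps trust_new.p12 | wc -l)"
```

Before importing a certificate exported from a browser, compare the cert_fp output for oam.pem with the fingerprint supplied by the owner of the OAM server or load balancer.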

Note:

The new trust_new.p12 and its password are used later in the following properties in installOAA.properties:
  • common.deployment.trustcert=trust_new.p12
  • common.deployment.truststorepassphrase=<password> where <password> is the password for the trust_new.p12
  • common.local.trustcert=<PATH_TO>/trust_new.p12

For more information on these parameters, see Preparing the Properties file for Installation.