Windows Integration: SSL Wallet Creation

Creating a wallet for SSL connectivity between OID and AD

In this hands-on exercise you will create the wallet that is required for SSL connectivity between OID and AD. With SSL in place, sensitive data such as passwords can be moved between OID and AD without being exposed on the network.

Requesting a certificate

Step 1. Start the Oracle Wallet Manager

Example:

# owm

Step 2. From the "Wallet" menu in Oracle Wallet Manager, select "New".

If a message indicates that your default wallet directory does not exist and asks whether you want to continue, select "Yes".

Step 3. Enter a password for the new wallet. Remember this password as you will need it later.

Step 4. When prompted to create a certificate request select "Yes".

Step 5. Fill in the Certificate Request Form.

Step 6. From the "Operations" menu select "Export Certificate Request".

Step 7. Select the file name and location for the Certificate Request.

Processing the certificate request

In this exercise we will move the certificate request from the server to a PC using ftp. Then, using the Oracle Certificate Authority (OCA), we will process the request and send the new certificate, together with the Certificate Authority's root certificate, back to the server. The request and the certificates contain only public data (the private key never leaves the wallet), so plain ftp exposes nothing secret here.

Step 1. Move the certificate request file to your PC.

Step 2. Process the request in OCA.

Step 3. Get your new certificate request approved.

Step 4. Copy your new certificate to a file.

Step 5. Copy the OCA root certificate to a file.

Step 6. Move both the new certificate and the OCA Root certificate back to the server.

Exporting your MS AD Root certificate

We will also need to import the AD root certificate into your wallet. Follow these steps to get your AD root certificate.

Step 1. Find your AD root certificate file and open it.

Step 2. Select the "Details" tab.

Step 3. Select the "Copy to File" button.

Step 4. When the Certificate Export Wizard comes up it will ask you what file format you want. Select "Base-64 encoded X509".

Step 5. Give your certificate a name.

Step 6. Move your AD root certificate file to the OID server.

Importing your new certificate and Trust Points into your wallet

The next steps will complete the wallet and test it to make sure it is working.

Step 1. The root certificate issued by the Oracle Certificate Authority must be imported into the wallet before the user certificate. From the "Operations" menu in Oracle Wallet Manager, select "Import Trusted Certificate".

Step 2. Navigate to the directory where your OCA root certificate file is located. Select the OCA root certificate file. After this you should see the new trusted certificate in the "Trusted Certificate" tree.

Step 3. From the "Operations" menu in Oracle Wallet Manager, select "Import User Certificate".

Step 4. Navigate to the directory where your new user certificate is located. Select the user certificate file. After this you should see the certificate status change from "Requested" to "Ready".

Step 5. The root certificate from the AD server must also be imported into the wallet as a trusted certificate. From the "Operations" menu select "Import Trusted Certificate".

Step 6. Navigate to the directory where your AD root certificate is located. Select the AD root certificate file. After this you should see another new trusted certificate in the "Trusted Certificate" tree.

Step 7. From the "Wallet" menu select "Auto Login".

Step 8. Save the wallet to a file. In our example we will save the file to the /u01 directory because that is where we set the new OID server configset1 to look for the wallet.

Step 9. Test your new wallet. The following is a sample test command you can use to verify you are able to bind to the AD server's SSL port from the OID server side:

ldapbind -p 636 -h 138.1.145.160 -U 2 -P wallet_password -W file:/u01

In this example the wallet file is called ewallet.p12 and is located in the /u01 directory; in the command you give only the directory that contains the wallet, not the wallet file name itself. The -U 2 option requests one-way SSL authentication, in which OID verifies the AD server's certificate, which is why the AD root certificate must be a trust point in the wallet. Note that -P places the wallet password on the command line, where it is visible to other users in process listings and may be kept in your shell history, so use a throwaway password for the test wallet or clear the history afterwards.
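The following shell script is an added example and is not part of the Oracle tutorial. It performs, with the openssl command line, the checks a practitioner wants before importing the AD root certificate as a trust point (the "Exporting your MS AD Root certificate" and "Importing your new certificate and Trust Points" sections above): that the exported file really is Base-64 encoded X.509 rather than DER, and that the AD server's certificate actually chains to that root, so the one-way SSL bind tested in Step 9 has a chance of succeeding. It assumes openssl is installed with its default configuration; the file names and all certificates are constructed on the fly as hypothetical stand-ins for the real AD root and domain-controller certificates.

```shell
#!/bin/sh
# Added example, not part of the Oracle tutorial: pre-import checks on the
# certificate files produced by the steps above, done with the openssl CLI.
# Assumed: openssl on PATH with its default openssl.cnf. Every certificate
# below is constructed here; no real AD root or OCA certificate is used.
set -eu

# 0 if FILE is a Base-64 (PEM) X.509 certificate, the format Oracle Wallet
# Manager's "Import Trusted Certificate" expects; 1 for DER or garbage.
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || return 1
    openssl x509 -in "$1" -inform PEM -noout >/dev/null 2>&1 || return 1
    return 0
}

# Convert a DER export (e.g. "DER encoded binary X.509" chosen in the
# Certificate Export Wizard by mistake) to PEM: der_to_pem IN.cer OUT.pem
der_to_pem() {
    openssl x509 -in "$1" -inform DER -out "$2" -outform PEM >/dev/null 2>&1 || return 1
    return 0
}

# Issuer / subject DN of a certificate with the "issuer=" / "subject=" prefix stripped.
issuer_dn()  { openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer=[ ]*//'; }
subject_dn() { openssl x509 -in "$1" -noout -subject | sed 's/^subject=[ ]*//'; }

# 0 if LEAF names ROOT as its issuer and its signature verifies against ROOT,
# i.e. ROOT is the trust point the wallet needs: chains_to_root LEAF ROOT
chains_to_root() {
    [ "$(issuer_dn "$1")" = "$(subject_dn "$2")" ] || return 1
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || return 1
    return 0
}

# Pre-flight for the trust-point import: given the AD server's certificate
# and the exported root, report whether the root is the right trust point
# and is in an importable format. Returns 0 only when both hold.
preflight() {
    server=$1; root=$2
    if ! is_pem_cert "$root"; then
        echo "NOT OK: $root is not Base-64 X.509; re-export it or convert with der_to_pem"
        return 1
    fi
    if ! chains_to_root "$server" "$root"; then
        echo "NOT OK: $server was not issued by '$(subject_dn "$root")'; its issuer is '$(issuer_dn "$server")'"
        return 1
    fi
    echo "OK: $root is the trust point for $server"
    return 0
}

# Constructed fixtures standing in for the real files: a self-signed "AD
# root", a domain-controller certificate it issued, a DER copy of the root
# (the wrong export format) and an unrelated root that must NOT validate it.
make_fixtures() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj '/CN=Constructed AD Root CA' \
        -keyout "$d/adroot.key" -out "$d/adroot.pem" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj '/CN=dc1.example.test' \
        -keyout "$d/dc.key" -out "$d/dc.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$d/dc.csr" -CA "$d/adroot.pem" \
        -CAkey "$d/adroot.key" -CAcreateserial -out "$d/dc.pem" >/dev/null 2>&1
    openssl x509 -in "$d/adroot.pem" -outform DER -out "$d/adroot.cer"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj '/CN=Constructed Unrelated CA' \
        -keyout "$d/other.key" -out "$d/other.pem" >/dev/null 2>&1
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_fixtures "$WORK"

preflight "$WORK/dc.pem" "$WORK/adroot.cer" || true      # DER export: rejected
der_to_pem "$WORK/adroot.cer" "$WORK/adroot_fixed.pem"   # fix the format
preflight "$WORK/dc.pem" "$WORK/adroot_fixed.pem"        # right root, PEM: accepted
preflight "$WORK/dc.pem" "$WORK/other.pem" || true       # wrong root: rejected
```

To run the chain check against a real domain controller, replace the constructed dc.pem with the certificate the server presents on port 636 (for example saved from the output of `openssl s_client -connect host:636 -showcerts`) and adroot.pem with the file produced by the Certificate Export Wizard; if the issuer printed in the "NOT OK" line is an intermediate CA rather than the root, that intermediate is the certificate you actually need to export and import as a trust point.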
