Getting started with OCA: Initializing the OCA Server

After installing OCA it will be necessary to perform some minor configuration steps to enable OCA to issue and manage digital certificates.

Topics covered in this lesson:
- Starting the Oracle Certificate Authority
- Configuring OCA to Manage Certificates, a.k.a. Web Administration enrollment

Starting the Oracle Certificate Authority

There are two processes that need to be started to get OCA running. The first is an OC4J process that supports the OCA server process. The second is the OCA server process itself. Immediately following installation, OCA should be running. If it is not running, you can start OCA with the following commands:

Starting the OC4J supporting process for OCA:

    # opmnctl startproc type=oc4j instancename=oca

Starting the OCA server process:

    # $ORACLE_HOME/oca/bin/ocactl start

The OCA server process can only be started from the command line. However, you can start and stop the OC4J supporting process for OCA from the 10g AS EM admin console. To start this process, open a browser and navigate to the following URL:

    http://host.domain.com:1810

Substitute your own EM admin console FQDN and port number in this URL. Once you log in to the admin console you should see a page that looks like this:
Select the "Standalone Instance" link for your infrastructure. The next page you will see shows all of the components of your infrastructure. Select "OCA".
The next page you see will allow you to stop, start, or restart the OC4J supporting process for OCA.
Remember that after starting the OC4J supporting process you must also start the OCA server process from the command line.

Configuring OCA to Manage Certificates, a.k.a. Web Administration enrollment

Before we begin, you will need to know the port number that the OCA server is listening on. Typically the default port number will be 4400 for secure HTTPS or 4401 for no authentication. If you are not sure what port number OCA is listening on, you can find out by looking at the "portlist.ini" file located in the $ORACLE_HOME/install directory.

Open a browser to the following URL:

    https://host.domain.com:4400/oca/admin

Notice that this URL is using "https", not "http". When you first try to connect to OCA, the OCA server will try to issue your browser the OCA server's trust point certificate. Accept this certificate.
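The portlist.ini lookup described above can be scripted. The following is an added example, not part of the original lesson or of Oracle's tooling: the function names oca_ports and oca_admin_url are hypothetical, and the sample file contents (including the key names) are constructed, so check them against your own $ORACLE_HOME/install/portlist.ini.

```shell
#!/bin/sh
# Added example: find the OCA listener ports in portlist.ini and build the
# admin URL. Function names and the sample file contents are constructed.

# Print "label<TAB>port" for each portlist.ini line naming the Certificate Authority.
oca_ports() {    # $1 = path to portlist.ini
    awk -F'=' 'tolower($1) ~ /certificate authority/ {
        label = $1; port = $2
        gsub(/^[ \t]+|[ \t\r]+$/, "", label)
        gsub(/^[ \t]+|[ \t\r]+$/, "", port)
        if (port ~ /^[0-9]+$/) printf "%s\t%s\n", label, port
    }' "$1"
}

# Print the admin URL for the first OCA port whose label matches $3.
oca_admin_url() {    # $1 = portlist.ini, $2 = host FQDN, $3 = label filter
    port=$(oca_ports "$1" |
        awk -F'\t' -v pat="$3" 'tolower($1) ~ tolower(pat) { print $2; exit }')
    [ -n "$port" ] || { echo "no OCA port matching '$3' in $1" >&2; return 1; }
    printf 'https://%s:%s/oca/admin\n' "$2" "$port"
}

# Constructed sample; the key names in a real portlist.ini may differ.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Oracle HTTP Server port = 7777
Application Server Control port = 1810
Oracle Certificate Authority SSL Server Authentication port = 4400
Oracle Certificate Authority SSL Mutual Authentication port = 4401
EOF

oca_ports "$sample"
oca_admin_url "$sample" host.domain.com "server authentication"
```

On a real installation, pass "$ORACLE_HOME/install/portlist.ini" and your server's FQDN in place of the sample file and host.domain.com.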
Since we have not yet initialized OCA you should see a page that looks like this after accepting the certificate.
On this page you will see a link which reads "Click here". Click on this link to continue to the "Web Administrator Enrollment" page. Here is what the page looks like:
Fill in the "DN Information". The "Common Name" field is subjective so create a name that is meaningful to the task of your OCA administrator. The "Organizational Unit" field should be set to the organizational unit that OCA belongs to. The "Organization" field should be set to the organization OCA belongs to. Typically this is the domain name of the server that OCA is running on. Next we need to set a password for the administrator and choose our certificate information such as encryption key length and the expiration date of the certificate.
After filling out the form click on the "Submit" button. Next you will be prompted for the "Software Security Device" master password. Enter the password you submitted in the admin enrollment form. Once your OCA root certificate is issued, you will see a button at the bottom of the form that will import your OCA server (Trust Point) certificate into your browser. Click on this button.
Verify your trust point certificate has been imported into your browser. If you are using Mozilla or Netscape follow these steps: From your browser, navigate to the "Edit" menu -> "Preferences". In the preferences menu select "Privacy & Security" -> "Certificates". Select the "Manage Certificates" button.
Select the "Authorities" tab and view your new OCA trust point certificate that you imported into the browser.
Important Note: From now on you must have this administration certificate in your browser in order to perform any of the administration tasks in OCA. It is advisable that you make a backup copy of this digital certificate on removable media such as a floppy disk and lock it up in a secure location. This will come in handy if you should accidentally lose your OCA administration certificate by removing it from your browser or if you should switch to a different machine or browser.

The next time you navigate in your browser to the URL https://host.domain.com:4400/oca/admin the page will look much different and you will be able to start managing certificates. Here is what the same URL looks like after completing the Web Administration Enrollment Form.