Ask a Question

General Information ID : INFO131

Managed PKI for SSL - Generate Certificate Signing Request (CSR) using Oracle Wallet Manager

Description


This document provides instructions for generating a Certificate Signing Request (CSR) for Oracle Wallet Manager. If you are unable to use these instructions for your server, Symantec recommends that you contact Oracle.
 
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.

Step 1: Create a new wallet for Oracle Wallet Manager

         NOTE: All certificates that will expire after October 2013 must have a 2048 bit key size.
  1. From the menu bar, select Wallet > New
  2. Enter the password twice > click OK
    NOTE: The password must contain eight alphanumeric characters and special characters
  3. Select Add a certificate request.  If not, select Cancel > select Wallet > Save in the system default to save the new wallet
     

Step 2: Create a Certificate Signing Request (CSR) for Oracle Wallet Manager

  1. Select Operations > Add Certificate Request
  2. A dialog box will appear to enter your certificate information
    For explaination of required CSR fields, refer to solution SO7289
  3. Select OK
     
Step 3: Export CSR into text file for submission to the Managed PKI for SSL Subscriber Services enrollment page:
 
  1. From the menu bar, choose Operations > Export Certificate Request. The 'Export Certificate Request' dialog box appears.
  2. Enter the file system directory in which you want to save the Certificate Request, or navigate to the directory structure under 'Folders'.
  3. In the Enter File Name field, enter a file name to save your Certificate Request.
  4. Choose OK. A message at the bottom of the window confirms that the Certificate Request was successfully exported to the file. 
    NOTE: You are returned to the Oracle Wallet Manager main window.
  5. Obtain the Subscriber Services URL for enrollment and lifecycle services from the Managed PKI for SSL Administrator. Use the exported Certificate Request file to enroll for the SSL certificate.
    NOTE: Jinitiator needs to have Wallet Manager installed to enable Https connections.
 
Contact Information
 
        Your Managed PKI for SSL Administrator is responsible for issuing the certificate after your enrollment has been completed. 
        Please contact him/her for assistance. Technical support for Managed PKI for SSL is available only to authorized technical contacts.
 

Once the certificate has been issued, follow the steps from this link to install the certificate on your server: SO22273