**********************************************************
* Description: Oracle KEYTOOL to insert trust certificate
* Date: 03:19 PM EST, 10/01/2020                         
**********************************************************

		 
<1> The JSSE makes use of files called KeyStores and TrustStores:
     |
     |__ o. A KeyStore consists of a database containing a private key and an associated certificate, or an associated certificate chain. 
     |      The certificate chain consists of the client certificate and one or more certification authority (CA) certificates.
     |
     |
     |__ o. A TrustStore contains only the certificates trusted by the client (a “trust” store). 
     |      These certificates are CA root certificates, that is, self-signed certificates.
     |
     |
     |__ o. The KeyStore is used by the adapter for client authentication, while the TrustStore is used to authenticate a server in SSL authentication.

	
	
	
	
<2> Back up the existing KeyStore (JKS type):
     |
     |__ $ cp -p $ORACLE_HOME/wlserver/server/lib/DemoTrust.jks $ORACLE_HOME/wlserver/server/lib/DemoTrust.jks.09302020
	 
	 
	
	

<3> Keytool - list certificate within existing keystore:
     |
     |__ $ keytool -list -alias emeralit -keystore $ORACLE_HOME/wlserver/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
	
	
                 emeralit, Sep 30, 2020, trustedCertEntry,
                 Certificate fingerprint (SHA1): D1:0F:D4:73:E9:C4:49:25:F6:C8:9B:6F:8F:DB:49:48:85:B8:2D:FD	
	
	
	
	
<4> Keytool - import new trust certificate:
     |
     |__ $ keytool -importcert -alias emeralit -trustcacerts -file /tmp/new_cert.cer -keystore $ORACLE_HOME/wlserver/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase

	 
                 Owner: CN=emeralit - signintest.emeralit.com
                 Issuer: CN=emeralit - signintest.emeralit.com
                 Serial number: 5a4a0b75b2cdb29e494c93c4c3ae0273
                 Valid from: Wed Sep 02 15:05:45 EDT 2020 until: Sat Sep 02 15:05:45 EDT 2023
                 Certificate fingerprints:
                 		 MD5:  F4:88:D0:1D:F5:78:98:68:4E:CD:07:62:4B:CE:DF:65
                 		 SHA1: D1:0F:D4:49:E9:D4:19:64:F6:E8:9B:6F:8F:EF:49:48:85:B6:7D:FD
                 		 SHA256: E0:33:4B:32:F1:C5:CB:61:A3:2C:EA:30:9F:2D:2F:9D:87:C9:71:E6:14:C0:E5:F8:9C:E2:01:0F:DE:C0:EF:63
                 Signature algorithm name: SHA256withRSA
                 Subject Public Key Algorithm: 2048-bit RSA key
                 Version: 3
                 Trust this certificate? [no]:  yes
                 Certificate was added to keystore		
	
	
	

<5> Keytool - delete a certificate entry from the keystore by alias name:
     |
     |__ $ keytool -delete -alias emeralit -keystore $ORACLE_HOME/wlserver/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
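
Added example (not part of the original notes): a bash wrapper around steps <2> and <4> that backs up the keystore, compares the certificate's SHA-256 fingerprint with a value obtained from a trusted channel, and only then imports with -noprompt instead of answering "yes" by hand. The function names and the STOREPASS variable are assumptions; the sample text is the fingerprint block from the <4> output.

```bash
#!/usr/bin/env bash
# Added example; function names and STOREPASS are assumptions, not from the notes.

# Fingerprint block copied from the <4> output, used here as sample input.
SAMPLE_PRINTCERT='Certificate fingerprints:
     MD5:  F4:88:D0:1D:F5:78:98:68:4E:CD:07:62:4B:CE:DF:65
     SHA1: D1:0F:D4:49:E9:D4:19:64:F6:E8:9B:6F:8F:EF:49:48:85:B6:7D:FD
     SHA256: E0:33:4B:32:F1:C5:CB:61:A3:2C:EA:30:9F:2D:2F:9D:87:C9:71:E6:14:C0:E5:F8:9C:E2:01:0F:DE:C0:EF:63
Signature algorithm name: SHA256withRSA'

# Strip colons/whitespace and upper-case, so differently formatted values compare equal.
normalize_fp() { printf '%s' "$1" | tr -d ': \t' | tr 'a-f' 'A-F'; }

# Read `keytool -printcert` text on stdin and print its SHA-256 fingerprint, normalized.
extract_sha256() {
    local fp
    fp=$(sed -n 's/^[[:space:]]*SHA-\{0,1\}256:[[:space:]]*\([0-9A-Fa-f:]*\).*$/\1/p' | head -n 1)
    normalize_fp "$fp"
}

# Succeed only if the certificate text on stdin carries the expected fingerprint.
fingerprint_matches() {   # $1 = expected SHA-256 from a trusted channel
    local actual expected
    actual=$(extract_sha256)
    expected=$(normalize_fp "$1")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# $1=keystore  $2=alias  $3=certificate file  $4=expected SHA-256 fingerprint
verified_import() {
    local ks="$1" entry="$2" cert="$3" expected="$4"
    cp -p "$ks" "$ks.$(date +%m%d%Y)" || return 1            # step <2>
    if ! keytool -printcert -file "$cert" | fingerprint_matches "$expected"; then
        echo "fingerprint mismatch, not importing $cert" >&2
        return 2
    fi
    # -storepass:env reads the password from the exported STOREPASS variable,
    # so it does not appear in the process list the way -storepass <value> does.
    keytool -importcert -noprompt -alias "$entry" -file "$cert" \
        -keystore "$ks" -storepass:env STOREPASS             # step <4>
}
```

If the alias already exists in the keystore, as in the <3> listing, keytool refuses the import until the old entry is deleted as in <5>.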
	
	
	
	
Reference:
     |
     |__ o. https://docs.oracle.com/cd/E19509-01/820-3503/ggffo/index.html
     |
     |__ o. https://docs.oracle.com/cd/E19509-01/820-3503/6nf1il6er/index.html	 
	
					 

	
