********************************************************** * Description: Oracle KEYTOOL to insert trust certificate * Date: 03:19 PM EST, 10/01/2020 ********************************************************** <1> The JSSE makes use of files called KeyStores and TrustStores: | |__ o. A KeyStore consists of a database containing a private key and an associated certificate, or an associated certificate chain. | The certificate chain consists of the client certificate and one or more certification authority (CA) certificates. | | |__ o. A TrustStore contains only the certificates trusted by the client (a “trust” store). | These certificates are CA root certificates, that is, self-signed certificates. | | |__ o. The KeyStore is used by the adapter for client authentication, while the TrustStore is used to authenticate a server in SSL authentication. <2> Backup Existing KeyStore(JKS Type): | |__ $ cp -p $ORACLE_HOME/wlserver/server/lib/DemoTrust.jks $ORACLE_HOME/wlserver/server/lib/DemoTrust.jks.09302020 <3> Keytool - list certificate within existing keystore: | |__ $ keytool -list -alias emeralit -keystore $ORACLE_HOME/wlserver/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase emeralit, Sep 30, 2020, trustedCertEntry, Certificate fingerprint (SHA1): D1:0F:D4:73:E9:C4:49:25:F6:C8:9B:6F:8F:DB:49:48:85:B8:2D:FD <4> Keytool - import new trust certificate: | |__ $ keytool -importcert -alias emeralit -trustcacerts -file /tmp/new_cert.cer -keystore $ORACLE_HOME/wlserver/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase Owner: CN=emeralit - signintest.emeralit.com Issuer: CN=emeralit - signintest.emeralit.com Serial number: 5a4a0b75b2cdb29e494c93c4c3ae0273 Valid from: Wed Sep 02 15:05:45 EDT 2020 until: Sat Sep 02 15:05:45 EDT 2023 Certificate fingerprints: MD5: F4:88:D0:1D:F5:78:98:68:4E:CD:07:62:4B:CE:DF:65 SHA1: D1:0F:D4:49:E9:D4:19:64:F6:E8:9B:6F:8F:EF:49:48:85:B6:7D:FD SHA256: E0:33:4B:32:F1:C5:CB:61:A3:2C:EA:30:9F:2D:2F:9D:87:C9:71:E6:14:C0:E5:F8:9C:E2:01:0F:DE:C0:EF:63 Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Trust this certificate? [no]: yes Certificate was added to keystore <5> Keytool - delete keystore by alias name: | |__ $ keytool -delete -alias emeralit -keystore $ORACLE_HOME/oracle_home/wlserver/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase Reference: | |__ o. https://docs.oracle.com/cd/E19509-01/820-3503/ggffo/index.html | |__ o. https://docs.oracle.com/cd/E19509-01/820-3503/6nf1il6er/index.html
Your Comments