Oracle Analytics Cloud and Server


SSL Certificate

saketsrv
saketsrv Rank 5 - Community Champion

Hi,

Application - OHS (To reverse proxy OBIEE Analytics)

Version for both - 12.2.1.2.0

Is there any public/private SSL CA service which can sign a CSR having a DN with hostname (CN)? (The application is in testing phase and doesn't have a qualified domain name yet.)

I tried a few trial services (e.g. Thawte, Symantec), but they all responded with 'we could not verify some information that you submitted' even though the CSR is valid.

Please advise!

Answers

  • handat
    handat Rank 5 - Community Champion

    Why don't you sign them yourself since it is not a production system? Use openssl for that. Just google openssl and there are plenty of tutorials about how to sign SSL certificates.

  • saketsrv
    saketsrv Rank 5 - Community Champion

    Hi Handat,

    I was thinking of checking the trial before paying, but it seems that with just a hostname they don't release the signed certificate (not sure).

    Now I will have to go with self-signed.

    Thanks anyway!

  • Igoroshka
    Igoroshka Rank 1 - Community Starter

    You may go through the complete self-signed SSL cycle:

    1. Create a Certification Authority (with command line tools or GUI).

    2. Create a root self-signed certificate.

    3. Download and install the export policy files on your WLS and OHS JVMs (by default, unlimited strength jurisdiction policies are applied).

    4. Create identity and trust cryptostores on OHS and WLS.

    5. Issue a certificate signing request on each server.

    6. Sign certificates with your root certificate.

    7. Import signed certificates into identity and trust stores on the servers.

    8. Configure WLS, OHS to use signed certificates.

    9. Configure ciphers list.

    10. Verify that traffic is encrypted as designed.

    In production you will do exactly the same except the first 2 steps.
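
The openssl part of the cycle above (steps 1, 2, 5 and 6, plus a chain and hostname check), as an added example that is not part of any post in this thread. The hostname `obiee-test01`, the subject names, file names, key size and validity periods are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: private test CA signing a CSR whose CN is a bare hostname.
# The hostname, subject names and file layout are constructed for illustration.

issue_test_cert() {
  dir=$1; host=$2
  mkdir -p "$dir" || return 1
  cat > "$dir/test.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Test Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
  # Steps 1-2: CA key and self-signed root certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$dir/test.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  # Step 5: server key and CSR; the CN is just the hostname.
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
    -config "$dir/test.cnf" -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
  # Step 6: sign with the root; the SAN carries the name that clients check.
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 90 -sha256 -extfile "$dir/test.cnf" -extensions server \
    -out "$dir/server.crt" 2>/dev/null || return 1
  chmod 600 "$dir/ca.key" "$dir/server.key"
}

# Succeeds only if the chain builds to the test root AND the hostname matches.
verify_test_cert() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/server.crt" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
issue_test_cert "$demo_dir" obiee-test01 && verify_test_cert "$demo_dir" obiee-test01 \
  && echo "server.crt chains to the test root and matches obiee-test01 ($demo_dir)"
```

Clients and the WLS/OHS trust stores accept `server.crt` only after `ca.crt` has been imported as a trusted root; the keystore and configuration steps (4, 7, 8, 9) are not shown here.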

  • handat
    handat Rank 5 - Community Champion

    You have to prove that you actually own the domain for which you are requesting a certificate before the CA will give you one. A hostname alone is not valid since you must have a valid domain. Otherwise hackers could just get certificates for any servers they want.