Edit: I have made progress - and now face a new error: err_ssl_version_or_cipher_mismatch. Due to extreme age of this software, I'm guessing OC4J doesn't support newer TLS. Any ideas?
I have a legacy OBIEE 10g system that I need to start running in SSL. I understand how to update the oc4j server.xml and default-web-site.xml and all that, but I'm having issues with the keystore.
My company have provided me with a CA signed certificate in .pfx format. Can I import this to the keystore directly for use?
To me, it appears not. I exported a .cert from the provided file and loaded it into the keystore. When connecting to the server I now see a "broken SSL" message.
The Oracle tutorial for this talks about using Keytool to create an unsigned cert in the keystore, and then creating a certificate request which is signed by the CA, then you import the signature which matches with the Cert in the Keystore. Do we need to do all that, or can the existing Signed Cert they've provided be used, somehow?