My Oracle Support Banner

How to create a local Root CA with OpenSSL to sign SSL Certificates (Doc ID 1009232.1)

Last updated on MAY 17, 2018

Applies to:

Oracle Directory Server Enterprise Edition - Version 5.2 and later
All Platforms
***Checked for relevance on 20-Nov-2012***
***Checked for relevance on 30-Apr-2014***


This document describes the necessary steps to create a local certificate authority that can be used to deliver digital certificates for servers such as Directory, Web or Messaging Server.

It also describes an application of this procedure to the Directory Server.

Signing a certificate request with a local CA is a good alternative to using commercially issued certificates. The functionality will be the same, except for free.

A local CA is useful when doing workshops, or testing SSL secure connections, and don't want to go to Verisign to get a certificate for your POC server. Indeed, if used with the Web server, it will prompt browser warning about unknown CA root, and consequently, issuer identity, until you decide to trust that certificate.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.