How to create a local Root CA with OpenSSL to sign SSL Certificates
Last updated on SEPTEMBER 16, 2016
Applies to:Oracle Directory Server Enterprise Edition - Version 5.2 and later
***Checked for relevance on 20-Nov-2012***
***Checked for relevance on 30-Apr-2014***
This document describes the necessary steps to create a local certificate authority that can be used to deliver digital certificates for servers such as Directory, Web or Messaging Server.
It also describes an application of this procedure to the Directory Server.
Signing a certificate request with a local CA is a good alternative to using commercially issued certificates. The functionality will be the same, except for free.
A local CA is useful when doing workshops, or testing SSL secure connections, and don't want to go to Verisign to get a certificate for your POC server. Indeed, if used with the Web server, it will prompt browser warning about unknown CA root, and consequently, issuer identity, until you decide to trust that certificate.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms