How to create a local Root CA with OpenSSL to sign SSL Certificates (Doc ID 1009232.1)

Last updated on SEPTEMBER 16, 2016

Applies to:

Oracle Directory Server Enterprise Edition - Version 5.2 and later
All Platforms
***Checked for relevance on 20-Nov-2012***
***Checked for relevance on 30-Apr-2014***

Goal

This document describes the necessary steps to create a local certificate authority that can be used to deliver digital certificates for servers such as Directory, Web or Messaging Server.

It also describes an application of this procedure to the Directory Server.

Signing a certificate request with a local CA is a good alternative to using commercially issued certificates. The functionality is the same, but at no cost.

A local CA is useful when you are running workshops or testing SSL connections and don't want to go to Verisign to get a certificate for your POC server. Note that if the certificate is used with a Web server, browsers will warn about the unknown root CA, and consequently about the issuer identity, until you decide to trust that certificate.

Solution
