How to Change the Communication Mode Between the WebGate and Access Server to Cert in Oracle Access Manager (OAM) 11g

(Doc ID 1384928.1)

Last updated on NOVEMBER 03, 2017

Applies to:

Oracle Access Manager - Version 11.1.1.3.0 and later
Information in this document applies to any platform.

Goal

How do you change the communication mode between the WebGate and the Access Server to cert for the Oracle Access Manager (OAM) 11g product?

To accomplish this task you will need to generate, manipulate, import, and copy the following base files, using various tools (OpenSSL, keytool) and formats (.pem, .der).

key - key created during the creation of the certificate request
cert - certificate returned from the CA based on the submitted request
chain - rootCA/subCA certificate(s) of the trusted CA that issued the certificate


In the end, there will be six resulting files: three files (two .der and one .pem) that are used by the OAM server and imported into the .oamkeystore, and three files (three .pem) that are copied to the associated WebGate's specific directory location.

OAM Server (.oamkeystore): aaa_key.der, aaa_cert.der, aaa_chain.pem
WebGate (WebGate version specific location): aaa_key.pem, aaa_cert.pem, aaa_chain.pem

Passwords you will need to know and remember ...
aaa_key.pem password - This password is set in section I. Generating a Certificate Request and Private Key and will be needed when reading the key. It is used in this document when converting the aaa_key.pem to DER format.

.oamkeystore - This password is verified in section II. Retrieving the OAM Keystore (.oamkeystore) Password and will be needed when dealing with the .oamkeystore. It is used in this document when importing the trusted certificate chain, aaa_key.der, and the aaa_cert.der.

Alias Password / PEM keystore Alias Password - This password is set in section III. Importing the Trusted, Signed Certificate Chain Into the OAM Keystore and will be needed when dealing with the alias used for the OAM server certs that are imported into the .oamkeystore. It is used in this document when running importcert.jar to import the .der files and when adding the certificate details to the Access Manager settings.
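
A consistency check for the six files listed above, added here as an example and not taken from the Oracle note: it builds a throwaway file set with a constructed test CA and confirms that key, certificate and chain belong together in both PEM and DER form. The function names, the AAA_KEY_PW variable, the subject names and the OpenSSL conversion commands are assumptions.

```shell
#!/bin/sh
# Passphrase for aaa_key.pem comes from the environment, not the command line.
: "${AAA_KEY_PW:=constructed-demo-passphrase}"; export AAA_KEY_PW

# Build a throwaway file set in directory $1 (constructed sample data).
make_constructed_set() (
  cd "$1" || exit 1
  umask 077   # aaa_key.der is an unencrypted private key: owner-only access
  # Stand-in CA; a real deployment uses the CA that signed the request.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca_key.pem \
    -out aaa_chain.pem -subj "/CN=Constructed Test CA" -days 1 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -keyout aaa_key.pem -out aaa_req.pem \
    -passout env:AAA_KEY_PW -subj "/CN=oam.example.test" 2>/dev/null &&
  openssl x509 -req -in aaa_req.pem -CA aaa_chain.pem -CAkey ca_key.pem \
    -CAcreateserial -out aaa_cert.pem -days 1 2>/dev/null &&
  # Assumed PEM -> DER conversions (unencrypted PKCS#8 key, DER certificate).
  openssl pkcs8 -topk8 -nocrypt -in aaa_key.pem -passin env:AAA_KEY_PW \
    -outform DER -out aaa_key.der &&
  openssl x509 -in aaa_cert.pem -outform DER -out aaa_cert.der
)

# Return 0 only if the key, certificate and chain in $1 belong together.
check_cert_set() (
  cd "$1" || exit 1
  cert_pub=$(openssl x509 -in aaa_cert.pem -noout -pubkey) || exit 1
  pem_pub=$(openssl pkey -in aaa_key.pem -passin env:AAA_KEY_PW -pubout) || exit 1
  der_pub=$(openssl pkey -inform DER -in aaa_key.der -pubout) || exit 1
  [ "$cert_pub" = "$pem_pub" ] || { echo "aaa_key.pem does not match aaa_cert.pem" >&2; exit 1; }
  [ "$cert_pub" = "$der_pub" ] || { echo "aaa_key.der does not match aaa_cert.pem" >&2; exit 1; }
  fp_pem=$(openssl x509 -in aaa_cert.pem -noout -fingerprint -sha256) || exit 1
  fp_der=$(openssl x509 -inform DER -in aaa_cert.der -noout -fingerprint -sha256) || exit 1
  [ "$fp_pem" = "$fp_der" ] || { echo "aaa_cert.der differs from aaa_cert.pem" >&2; exit 1; }
  openssl verify -CAfile aaa_chain.pem aaa_cert.pem >/dev/null 2>&1 ||
    { echo "aaa_cert.pem does not verify against aaa_chain.pem" >&2; exit 1; }
)

# Demo run on constructed data; the directory is removed afterwards.
demo_dir=$(mktemp -d) && make_constructed_set "$demo_dir" &&
  check_cert_set "$demo_dir" && echo "constructed file set is consistent"
rm -rf "$demo_dir"
```

Running check_cert_set against the real directories before copying files to the WebGate catches a key or chain that belongs to a different request.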

Solution
