
How to Change the Communication Mode Between the WebGate and Access Server to Cert in Oracle Access Manager (OAM) 11.1.2.2.8 (Doc ID 1384928.1)

Last updated on SEPTEMBER 12, 2023

Applies to:

Oracle Access Manager - Version 11.1.1.3.0 to 11.1.2.2.8 [Release 11g]
Information in this document applies to any platform.

Goal

How do you change the communication mode between the WebGate and the Access Server to cert in Oracle Access Manager (OAM) 11g?

To accomplish this task you will need to generate, manipulate, import, and copy the following base files, using various tools (OpenSSL, keytool) and formats (.pem, .der).

key - key created during the creation of the certificate request

cert - certificate returned from the CA based on the submitted request

chain - rootCA/subCA certificate that is trusted by the certificate


In the end, there will be 6 resulting files: three files (two .der and one .pem) that are used by the OAM server and imported into the .oamkeystore, and three files (three .pem) that are copied to the associated WebGate's specific directory location.

OAM Server (.oamkeystore) - aaa_key.der - aaa_cert.der - aaa_chain.pem
WebGate (WebGate version specific location) - aaa_key.pem - aaa_cert.pem - aaa_chain.pem

Passwords you will need to know and remember ...
aaa_key.pem password - This password is set in section I. Generating a Certificate Request and Private Key and will be needed when reading the key. It is used in this document when converting the aaa_key.pem to DER format.

.oamkeystore - This password is verified in section II. Retrieving the OAM Keystore (.oamkeystore) Password and will be needed when dealing with the .oamkeystore. It is used in this document when importing the trusted certificate chain, aaa_key.der, and the aaa_cert.der.

Alias Password / PEM keystore Alias Password - This password is set in section III. Importing the Trusted, Signed Certificate Chain Into the OAM Keystore and will be needed when dealing with the alias used for the certs for the OAM server that are imported into the .oamkeystore. It is used in this document when running the importcert.jar to import the .der files and adding the certificate details to Access Manager settings.
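
A consistency check for the six files listed above, as an added example that is not taken from the Oracle document: it builds a constructed lab set with a throwaway CA, then confirms that the certificate chains to aaa_chain.pem, that the key matches the certificate, and that the DER copies match their PEM sources. The function names, the sample password, the subject names and the unencrypted PKCS#8 form of aaa_key.der are assumptions.

```shell
#!/bin/sh
# Constructed lab material: a throwaway CA stands in for the real CA and
# KEY_PASS is a sample aaa_key.pem password. Real keys: use -passin env:/file:.
KEY_PASS='constructed-sample-pass'

make_sample_set() {  # $1 = empty working directory
  ( cd "$1" || exit 1
    umask 077  # aaa_key.der is written unencrypted below
    # Throwaway root CA; its certificate plays the role of aaa_chain.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Lab Root CA' \
      -keyout ca_key.pem -out aaa_chain.pem 2>/dev/null || exit 1
    # Password-protected private key plus certificate request
    openssl req -newkey rsa:2048 -passout "pass:$KEY_PASS" \
      -subj '/CN=oam.example.test' -keyout aaa_key.pem -out aaa_req.pem \
      2>/dev/null || exit 1
    # The CA signs the request, giving aaa_cert.pem
    openssl x509 -req -in aaa_req.pem -CA aaa_chain.pem -CAkey ca_key.pem \
      -CAcreateserial -days 1 -out aaa_cert.pem 2>/dev/null || exit 1
    # DER copies (assumed form: X.509 DER cert, unencrypted PKCS#8 DER key)
    openssl x509 -in aaa_cert.pem -outform DER -out aaa_cert.der || exit 1
    openssl pkcs8 -topk8 -nocrypt -in aaa_key.pem -passin "pass:$KEY_PASS" \
      -outform DER -out aaa_key.der || exit 1
  )
}

check_cert_set() {  # $1 = directory, $2 = aaa_key.pem password
  ( cd "$1" || exit 1
    openssl verify -CAfile aaa_chain.pem aaa_cert.pem >/dev/null 2>&1 ||
      { echo "aaa_cert.pem does not chain to aaa_chain.pem"; exit 1; }
    cert_pub=$(openssl x509 -in aaa_cert.pem -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in aaa_key.pem -passin "pass:$2" -pubout \
      2>/dev/null) || { echo "aaa_key.pem unreadable, check password"; exit 1; }
    [ "$cert_pub" = "$key_pub" ] ||
      { echo "aaa_key.pem does not match aaa_cert.pem"; exit 1; }
    der_pub=$(openssl pkey -inform DER -in aaa_key.der -pubout 2>/dev/null)
    [ "$der_pub" = "$key_pub" ] ||
      { echo "aaa_key.der differs from aaa_key.pem"; exit 1; }
    pem_fp=$(openssl x509 -in aaa_cert.pem -noout -fingerprint -sha256)
    der_fp=$(openssl x509 -inform DER -in aaa_cert.der -noout \
      -fingerprint -sha256 2>/dev/null)
    [ "$pem_fp" = "$der_fp" ] ||
      { echo "aaa_cert.der differs from aaa_cert.pem"; exit 1; }
    echo "OK"
  )
}
# Usage: d=$(mktemp -d) && make_sample_set "$d" && check_cert_set "$d" "$KEY_PASS"
```

Running check_cert_set before the keystore import and before copying the .pem files to the WebGate catches a mismatched key or a certificate from the wrong CA while it is still a file problem rather than a failed connection.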

Solution



In this Document
Goal
Solution
 OAM 12c
 OAM 11g
 I. Generating a Certificate Request and Private Key
 II. Retrieving the OAM Keystore (.oamkeystore) Password
 III. Importing the Trusted, Signed Certificate Chain Into the OAM Keystore
 A. Import the trusted certificate chain (aaa_chain.pem) into the .oamkeystore
 B. Convert the aaa_cert.pem to DER format
 C. Convert the aaa_key.pem to DER format
 D. Import the aaa_key.der and the aaa_cert.der format certificates into the .oamkeystore using Oracle supplied importcert.jar file
 IV. Adding Certificate Details to Access Manager Settings
 A. Define the Access Protocol used by the oam_server
 B. Setting the OAM_server mode to cert
 V. Generating a Private Key and Certificate Request for the WebGates
 VI. Updating WebGate to Use Certificates
 A. Update the communication mode in the WebGate Agent registration in the OAM admin console
 B. Copy the updated WebGate artifact files to the proper WebGate location
 C. Copy the WebGate certificate files (.pem) to the proper WebGate location
References
