How to Use/Convert an ODSEE CA-Signed Certificate Chain to Use in an OUD PKCS12 Keystore
(Doc ID 2657916.1)
Last updated on FEBRUARY 07, 2022
Oracle Unified Directory - Version 184.108.40.206.0 and later Oracle Directory Server Enterprise Edition - Version 220.127.116.11.190716 and later Information in this document applies to any platform.
By default, OUD uses Java Keystores/Truststores.
When using keytool -list this Warning is given -
Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore <KEYSTORE> -destkeystore <KEYSTORE> -deststoretype pkcs12".
This document shows how to use / convert an ODSEE CA-signed certificate chain to use in an OUD PKCS12 keystore
Create the ODSEE certificate chain which consists of a -
CA-signed server cert
Verify that ldapsearch is successful using the ODSEE cert DB (which contains the certificate chain)
Using pk12util, create the PKCS12 file using the ODSEE cert DB
Create a new OUD instance and configure the OUD LDAPS Connection Handler to use the PKCS12 Key Manager Provider with the PKCS12 file
Verify that ldapsearch is successful using the PKCS12 file
Configure the OUD Administration Connector to use the same PKCS12 file
Test the OUD Administration Connector using ldapsearch and dsconfig
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!