Definitions, Acronyms, and Abbreviations
Term | Description
OHS | Oracle HTTP Server
PKCS12 |
TLS | Transport Layer Security (https://en.wikipedia.org/wiki/Transport_Layer_Security)
SSL | Secure Sockets Layer (http://info.ssl.com/article.aspx?id=10241)
Keystore |
Wallet |
Keytool |
openssl |
orapki |
Ports:
Make sure the following ports are open on the OHS machine.
SSL: 4443 (Recommended)
Non-SSL: 7777 (this may be a different port in your environment)
Step 1: Importing an existing SSL key/certificate pair into a Java Keystore
If you have been given a pair of .cert and .key files (possibly with a password), follow exactly the steps listed in this awesome blog post by John Graham (http://blog.jgc.org/2011/06/importing-existing-ssl-keycertificate.html). Here are the steps he has given:
1. Suppose you have a certificate and key in PEM format. The key is named host.key and the certificate host.crt.
2. The first step is to convert them into a single PKCS12 file using the command: openssl pkcs12 -export -in host.crt -inkey host.key > host.p12. You will be asked for various passwords (the password to access the key (if set) and then the password for the PKCS12 file being created).
3. Then import the PKCS12 file into a keystore using the command: keytool -importkeystore -srckeystore host.p12 -destkeystore host.jks -srcstoretype pkcs12. You now have a keystore named host.jks containing the certificate/key you need.
All keys and certificates have to be bundled in a PKCS12 file (.p12 or .pfx), which is then imported into a single Java keystore (.jks).
To learn more about PKCS12, see https://en.wikipedia.org/wiki/PKCS_12
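The steps above as a non-interactive script, added here as an example (it is not code from this page or from the linked blog post). It goes slightly beyond the steps by checking that the key belongs to the certificate before bundling and by passing the store password through an environment variable; the STORE_PASS variable, the host alias, the function names and the self-signed test pair are assumptions made for the example.

```shell
#!/bin/sh
# Added example. The key/certificate pair is a constructed, self-signed test pair.
set -eu
umask 077   # files holding key material are readable by the owner only

make_test_pair() {    # $1 = directory; writes a constructed host.key and host.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ohs.example.test" \
        -keyout "$1/host.key" -out "$1/host.crt" 2>/dev/null
}

key_matches_cert() {  # $1 = key, $2 = cert; true only if both carry the same public key
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

build_p12() {         # step 2: $1 = key, $2 = cert, $3 = output .p12
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    # Password comes from $STORE_PASS (assumed name), not the command line or a prompt.
    openssl pkcs12 -export -in "$2" -inkey "$1" -name host -out "$3" \
        -passout env:STORE_PASS
}

import_jks() {        # step 3: $1 = .p12, $2 = output .jks
    keytool -importkeystore -noprompt -srckeystore "$1" -srcstoretype pkcs12 \
        -srcstorepass:env STORE_PASS -destkeystore "$2" -deststoretype jks \
        -deststorepass:env STORE_PASS
    # The import is only useful if the private key arrived along with the certificate.
    keytool -list -keystore "$2" -storepass:env STORE_PASS | grep -q PrivateKeyEntry
}

# Demo run in a temporary directory.
STORE_PASS="constructed-demo-pass"; export STORE_PASS
WORK=$(mktemp -d)
make_test_pair "$WORK"
build_p12 "$WORK/host.key" "$WORK/host.crt" "$WORK/host.p12"
if command -v keytool >/dev/null 2>&1; then   # skip step 3 where no JDK is installed
    import_jks "$WORK/host.p12" "$WORK/host.jks" && echo "host.jks holds a PrivateKeyEntry"
fi
```

For a real pair, call build_p12 and import_jks with your own host.key and host.crt; a password-protected key additionally needs a -passin option on the openssl commands that read it.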
"In cryptography, PKCS 12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust"