iSelfSchooling - How to manage Oracle Certificate Authority Policies

Check the “RenewalRequestConstraint” box and click Edit to edit the properties of this policy. If you have been prompted for certificate, select your OCA administrator certificate.

In the “Edit Policy Result: RenewalRequestConstraint” page, edit the values of your policy for the following parameters:

- Days before expiration date

- Days after expiration date

- Duration of renewal (days)

Click in the drop-down menu under any fields, and change the values. Then click on the OK button. You may be prompted to select the OCA administrator certificate.

Once the OCA displays a confirmation message, you have successfully changed your certificate authority policy.

In order your changes get enforce, you should stop and start your OCA server.

You may want to set the OCA server to accept only SSL certificate if the key size is above 1024.

In your browser, go to OCA administration page by using the following URL:

https://<hostname.domain>:4400/oca/admin

Click on the “Configuration Management” tab:

Click on the “Policy” tab:

In the “Policy Rules” page, select Request from the drop-down menu “View Policies for.”

Now, you should see the “Policy Rules” page. Select “RSAKeyConstrints” under Policy name and click the “Edit” icon. You may be prompted to select OCA administrator certificate. Go to the “Predicate Details” section, and the click “Add Another Row” to add another predicate value. Enter value (Usage==”ssl”) into the “Predicate Expression” field. Enter value for the Maximum key size default (bits) and Minimum Key size default (bits) fields.

On the “Predicate Details” section, click on the “Reorder” icon to move the Usage==”ssl” predicate above Type==”client” and then click on the “OK” icon.

In order your changes get enforce, you should stop and start your OCA server.