How to manage Oracle Certificate Authority Policies (LESSON 23)
In this hands-on, you will learn how to modify the default policy so that it accepts the renewal of an expired certificate up to 15 days after its expiration.
In your browser, go to the OCA administration page by using the following URL:
https://<hostname.domain>:4400/oca/admin
Click on the “Configuration Management” tab.
Click on the “Policy” tab.
In the “Policy Rules” page, select Renewals from the “View Policies for” drop-down menu.
You should now see the “Policy” page for Renewal. If the values have not been changed, it shows the default renewal policy.
Check the “RenewalRequestConstraint” box and click Edit to edit the properties of this policy. If you are prompted for a certificate, select your OCA administrator certificate.
In the “Edit Policy Result: RenewalRequestConstraint” page, edit the values of your policy for the following parameters:
- Days before expiration date
- Days after expiration date
- Duration of renewal (days)
Click the drop-down menu under any of these fields and change the value. Then click the OK button. You may be prompted to select the OCA administrator certificate.
Once the OCA displays a confirmation message, you have successfully changed your certificate authority policy.
For your changes to be enforced, you should stop and start your OCA server.
You may also want to set the OCA server to accept SSL certificates only if the key size is above 1024.
In your browser, go to the OCA administration page by using the following URL:
https://<hostname.domain>:4400/oca/admin
Click on the “Configuration Management” tab.
Click on the “Policy” tab.
In the “Policy Rules” page, select Request from the “View Policies for” drop-down menu.
You should now see the “Policy Rules” page. Select “RSAKeyConstraints” under Policy name and click the “Edit” icon. You may be prompted to select the OCA administrator certificate. Go to the “Predicate Details” section, and then click “Add Another Row” to add another predicate value. Enter the value Usage=="ssl" into the “Predicate Expression” field. Enter values for the “Maximum key size default (bits)” and “Minimum Key size default (bits)” fields.
In the “Predicate Details” section, click on the “Reorder” icon to move the Usage=="ssl" predicate above Type=="client", and then click on the “OK” icon.
For your changes to be enforced, you should stop and start your OCA server.
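The reorder step decides which predicate row sets the key-size limits for a request that satisfies more than one row. The sketch below is an added example, not OCA code or part of the original lesson: it assumes rows are checked top to bottom and the first match wins, and the function names, request fields and bit values are constructed for illustration.

```python
# Simplified model of ordered policy predicates (not OCA's implementation).
# Assumption: predicate rows are checked top to bottom and the first match
# supplies the key-size limits; the policy defaults apply when none match.

def matches(predicate, request):
    """Evaluate a predicate of the form Attr=="value" [AND Attr=="value" ...]."""
    for clause in predicate.split(" AND "):
        attr, _, value = clause.partition("==")
        if request.get(attr.strip()) != value.strip().strip('"'):
            return False
    return True

def key_size_decision(rows, default, request):
    """Return (accepted, rule), where rule names the row that decided."""
    for predicate, min_bits, max_bits in rows:
        if matches(predicate, request):
            return min_bits <= request["bits"] <= max_bits, predicate
    min_bits, max_bits = default
    return min_bits <= request["bits"] <= max_bits, "default"

# Constructed limits for illustration; the lesson does not give the numbers.
DEFAULT = (1024, 4096)
SSL_ROW = ('Usage=="ssl"', 2048, 4096)
CLIENT_ROW = ('Type=="client"', 1024, 4096)

# Constructed request that satisfies both predicates, with a 1024-bit key.
REQUEST = {"Type": "client", "Usage": "ssl", "bits": 1024}

def compare_orders(request=REQUEST):
    """Decide the same request with the new row last, then moved to the top."""
    as_added = key_size_decision([CLIENT_ROW, SSL_ROW], DEFAULT, request)
    reordered = key_size_decision([SSL_ROW, CLIENT_ROW], DEFAULT, request)
    return as_added, reordered

if __name__ == "__main__":
    as_added, reordered = compare_orders()
    print("new row left at the bottom:", as_added)
    print("after Reorder:", reordered)
```

Under this model, leaving the new row below Type=="client" lets the 1024-bit SSL request through on the looser client limits, which is the case the Reorder step closes.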