• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 285
  • Last Modified:

How can I create a SSL certificate from windows 2003 domain controler

I have an Oracle OID server got synchronization problem with the active directory.  I got the below message when I tried to bind the server:


[orcloid@deimos-11G oid1wallet]ldapbind -h saturn.minkagroup.net -p 6636 -D 'minx@minkagroup.net' -w .g0rg0n. -U 2 -W file://u2/oracle/oidware/asinst_1/OID/admin/oid3wallet -P "h3r4kl3s"
Cannot connect to the LDAP server
[orcloid@deimos-11G oid1wallet]ldapbind -h saturn.minkagroup.net -p 636 -D 'minx@minkagroup.net' -w .g0rg0n. -U 2 -W file://u2/oracle/oidware/asinst_1/OID/admin/oid3wallet -P "h3r4kl3s"
 SSL handshake failed
[orcloid@deimos-11G oid1wallet]ldapbind -h saturn.minkagroup.net -p 636 -D "minx@minkagroup.net" -w .g0rg0n. -U 2 -W file://u2/oracle/oidware/asinst_1/OID/admin/oid3wallet -P "h3r4kl3s"
 SSL handshake failed
[orcloid@deimos-11G oid1wallet]


Oracle Support verified it's the domain controller's problem, she asked me to export the certificate from domain controller and import it into the oid server, I have a certificate server setup on the domain controller by my predessor. How could I export the certificate from the server and finish importing. Do I need export a private key or public key?

Thanks.
0
Jason Yu
Asked:
Jason Yu
  • 3
  • 3
4 Solutions
 
becraigCommented:
I cannot tell you clearly if you need the private key for the oracle app, but you can export two files
Public Key and the key pair.


Open mmc.exe on the DC - Add remove snap in - Certificates - local computer - expand personal - find the cert in the right pane and right click and export.

For private key, when you export, include private key and complete the wizar
d.

For public key only do not select the export private key button and complete the wizard.

I would suggest importing only the public key first and testing.

If you end up needing the private key, then install using the pfx file created when you used the private key option.


To import:
On the OID server
Open mmc.exe on the DC - Add remove snap in - Certificates - local computer - expand personal - right click and import - point to the .cer file you created from above and test.

If that fails then redo the steps and above and point to the .pfx file.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
@becraig
importing the cert through mmc console is not an option since the oracle server is obviously linux
0
 
becraigCommented:
So true Seth I missed that, thanks.

Here are the steps for porting both files to Linux.

http://fixmyitsystem.com/2011/03/how-to-export-and-convert-windows-pfx.html
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
Jason YuAuthor Commented:
thank you guys very much, yes,the oid server is linux, I am gonna try it now.
0
 
Jason YuAuthor Commented:
I successfully imported the certificate to the wallet. I tested the ldapbind to the first domain controller successfully.

[orcloid@deimos-11G oid3wallet]ldapbind -h saturn.minkagroup.net -p 636 -D "minx@minkagroup.net" -w .g0rg0n. -U 2 -W file://u2/oracle/oidware/asinst_1/OID/admin/oid3wallet -P "h3r4kl3s"
bind successful



However, when I use the same command to test the virtual link on the load balancer, it erred out.

[orcloid@deimos-11G oid3wallet]ldapbind -h thebes.minkagroup.net -p 6636 -D "minx@minkagroup.net" -w .g0rg0n. -U 2 -W file://u2/oracle/oidware/asinst_1/OID/admin/oid3wallet -P "h3r4kl3s"
 SSL handshake failed

I am uploading the load balancer copy screen
0
 
becraigCommented:
This looks to be an issue where the certificate needs to be installed on the load balancer, I am not sure if the oracle folks or your network guy can walk you through this one.
0
 
Jason YuAuthor Commented:
I got it resolved finally. It proved the certificate on the OID expired too, I have to renew the certificate on the OID too.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now