Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How can I create a SSL certificate from windows 2003 domain controler

Posted on 2014-09-05
7
Medium Priority
?
280 Views
Last Modified: 2014-09-22
I have an Oracle OID server got synchronization problem with the active directory.  I got the below message when I tried to bind the server:


[orcloid@deimos-11G oid1wallet]ldapbind -h saturn.minkagroup.net -p 6636 -D 'minx@minkagroup.net' -w .g0rg0n. -U 2 -W file://u2/oracle/oidware/asinst_1/OID/admin/oid3wallet -P "h3r4kl3s"
Cannot connect to the LDAP server
[orcloid@deimos-11G oid1wallet]ldapbind -h saturn.minkagroup.net -p 636 -D 'minx@minkagroup.net' -w .g0rg0n. -U 2 -W file://u2/oracle/oidware/asinst_1/OID/admin/oid3wallet -P "h3r4kl3s"
 SSL handshake failed
[orcloid@deimos-11G oid1wallet]ldapbind -h saturn.minkagroup.net -p 636 -D "minx@minkagroup.net" -w .g0rg0n. -U 2 -W file://u2/oracle/oidware/asinst_1/OID/admin/oid3wallet -P "h3r4kl3s"
 SSL handshake failed
[orcloid@deimos-11G oid1wallet]


Oracle Support verified it's the domain controller's problem, she asked me to export the certificate from domain controller and import it into the oid server, I have a certificate server setup on the domain controller by my predessor. How could I export the certificate from the server and finish importing. Do I need export a private key or public key?

Thanks.
0
Comment
Question by:Jason Yu
  • 3
  • 3
7 Comments
 
LVL 29

Assisted Solution

by:becraig
becraig earned 1500 total points
ID: 40306978
I cannot tell you clearly if you need the private key for the oracle app, but you can export two files
Public Key and the key pair.


Open mmc.exe on the DC - Add remove snap in - Certificates - local computer - expand personal - find the cert in the right pane and right click and export.

For private key, when you export, include private key and complete the wizar
d.

For public key only do not select the export private key button and complete the wizard.

I would suggest importing only the public key first and testing.

If you end up needing the private key, then install using the pfx file created when you used the private key option.


To import:
On the OID server
Open mmc.exe on the DC - Add remove snap in - Certificates - local computer - expand personal - right click and import - point to the .cer file you created from above and test.

If that fails then redo the steps and above and point to the .pfx file.
0
 
LVL 36

Assisted Solution

by:Seth Simmons
Seth Simmons earned 500 total points
ID: 40306994
@becraig
importing the cert through mmc console is not an option since the oracle server is obviously linux
0
 
LVL 29

Accepted Solution

by:
becraig earned 1500 total points
ID: 40307003
So true Seth I missed that, thanks.

Here are the steps for porting both files to Linux.

http://fixmyitsystem.com/2011/03/how-to-export-and-convert-windows-pfx.html
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 

Author Comment

by:Jason Yu
ID: 40307051
thank you guys very much, yes,the oid server is linux, I am gonna try it now.
0
 

Author Comment

by:Jason Yu
ID: 40310634
I successfully imported the certificate to the wallet. I tested the ldapbind to the first domain controller successfully.

[orcloid@deimos-11G oid3wallet]ldapbind -h saturn.minkagroup.net -p 636 -D "minx@minkagroup.net" -w .g0rg0n. -U 2 -W file://u2/oracle/oidware/asinst_1/OID/admin/oid3wallet -P "h3r4kl3s"
bind successful



However, when I use the same command to test the virtual link on the load balancer, it erred out.

[orcloid@deimos-11G oid3wallet]ldapbind -h thebes.minkagroup.net -p 6636 -D "minx@minkagroup.net" -w .g0rg0n. -U 2 -W file://u2/oracle/oidware/asinst_1/OID/admin/oid3wallet -P "h3r4kl3s"
 SSL handshake failed

I am uploading the load balancer copy screen
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 1500 total points
ID: 40310716
This looks to be an issue where the certificate needs to be installed on the load balancer, I am not sure if the oracle folks or your network guy can walk you through this one.
0
 

Author Comment

by:Jason Yu
ID: 40337453
I got it resolved finally. It proved the certificate on the OID expired too, I have to renew the certificate on the OID too.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question