SSL certificate for Oracle Application Server 11g


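I was asked to get an SSL certificate for an "Oracle Application Server 11g" whose certificate is about to expire. Even though 10g appears to be the latest version, I obtained the certificate from InCommon, as I usually do without problems (except that this was the first time I gave Oracle Application Server 11g as the software type on the CSR form). The email containing the certificate download links mentions: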

Certificate details:

SSL type : InCommon SSL

Server: Other

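I forwarded the email to the people responsible for the installation and got a reply saying that the server type must be Oracle Application Server for the certificate to work (the CN is the same as before). They were unable to install this certificate (no details were given to me) and mentioned that they had run into this problem before with Thawte, when they had not given Oracle Application Server as the server type. I can't see any significant difference between the currently installed certificate (working) and the new one I just had signed by InCommon (not working).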

$ openssl x509 -in sso-current.cer -text

shows, with irrelevant information omitted:

Data:
    Version: 3 (0x2)
Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/[email protected]
    Validity
        Not Before: Oct  1 00:00:00 2009 GMT
        Not After : Nov 28 23:59:59 2012 GMT
    Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
            Public-Key: (2048 bit)
            Modulus:
            Exponent: 65537 (0x10001)
    X509v3 extensions:
        X509v3 Basic Constraints: critical
            CA:FALSE
        X509v3 CRL Distribution Points: 

            Full Name:
              URI:http://crl.thawte.com/ThawteServerPremiumCA.crl

        X509v3 Extended Key Usage: 
            TLS Web Server Authentication, TLS Web Client Authentication
        Authority Information Access: 
            OCSP - URI:http://ocsp.thawte.com

Signature Algorithm: sha1WithRSAEncryption

$ openssl x509 -in sso-new.cer -text

shows

Data:
    Version: 3 (0x2)
Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=US, O=Internet2, OU=InCommon, CN=InCommon Server CA
    Validity
        Not Before: Nov  8 00:00:00 2012 GMT
        Not After : Nov  8 23:59:59 2014 GMT
    Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
            Public-Key: (2048 bit)
            Modulus:
            Exponent: 65537 (0x10001)
    X509v3 extensions:
        X509v3 Authority Key Identifier: 
            keyid:48:4F:5A:FA:2F:4A:9A:5E:E0:50:F3:6B:7B:55:A5:DE:F5:BE:34:5D

        X509v3 Subject Key Identifier: 
            18:8D:F6:F5:87:4D:C4:08:7B:2B:3F:02:A1:C7:AC:6D:A7:90:93:02
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
        X509v3 Basic Constraints: critical
            CA:FALSE
        X509v3 Extended Key Usage: 
            TLS Web Server Authentication, TLS Web Client Authentication
        X509v3 Certificate Policies: 
            Policy: 1.3.6.1.4.1.5923.1.4.3.1.1
              CPS: https://www.incommon.org/cert/repository/cps_ssl.pdf

        X509v3 CRL Distribution Points: 

            Full Name:
              URI:http://crl.incommon.org/InCommonServerCA.crl

        Authority Information Access: 
            CA Issuers - URI:http://cert.incommon.org/InCommonServerCA.crt
            OCSP - URI:http://ocsp.incommon.org

I don't see what the deal breaker is, so I have no specific request for what the signer should do when re-signing it.

Answer 1

Try this:

openssl x509 -in sso-current.cer -outform DER -out sso-fixed.cer

You have a PEM-format certificate in the .cer file

And rename sso-current.cer to sso-current.pem
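An added example, not part of the answer above: a Python check that tells whether a certificate file holds PEM text or binary DER regardless of its extension, and returns the DER bytes either way, which is the distinction the answer turns on. The function names are hypothetical and the sample bytes are a constructed placeholder SEQUENCE, not a real certificate.

```python
import base64
import re
import ssl

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL)

def der_total_length(data: bytes):
    """Length (header + content) of an outer DER SEQUENCE, or None if not one."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = ASN.1 SEQUENCE tag
        return None
    first = data[1]
    if first < 0x80:                           # short form: length in one byte
        return 2 + first
    n = first & 0x7F                           # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def detect_encoding(data: bytes) -> str:
    """Classify file contents as 'PEM', 'DER' or 'unknown', ignoring the extension."""
    if PEM_RE.search(data):
        return "PEM"
    if der_total_length(data) == len(data):
        return "DER"
    return "unknown"

def to_der(data: bytes) -> bytes:
    """Return the DER bytes of the first certificate, whichever encoding was supplied."""
    kind = detect_encoding(data)
    if kind == "DER":
        return data
    if kind != "PEM":
        raise ValueError("neither PEM nor DER")
    body = b"".join(PEM_RE.search(data).group(1).split())   # drop line breaks / CRLF
    der = base64.b64decode(body, validate=True)
    if der_total_length(der) != len(der):
        raise ValueError("PEM body is not a single DER SEQUENCE")
    return der

# Constructed sample: a 300-byte placeholder SEQUENCE, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")

if __name__ == "__main__":
    for name, blob in (("sample.pem", SAMPLE_PEM), ("sample.der", SAMPLE_DER)):
        print(name, detect_encoding(blob), len(to_der(blob)), "bytes of DER")
```

Reading the real file with `open(path, "rb").read()` and passing the bytes to `detect_encoding` shows which form was delivered before anyone attempts an import.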
