Change connector Administration certificate

I installed OUD using a certification authority issued the certificate during the installation by using the option - useJavaKeystore and I see that the LDAPS connector is using this certificate.  However, the Administration connector always uses a self-signed certificate.  I would replace this certificate self-signed with the CA that issued the certificate.  I tried to find instructions, but all this I found this link (Management Administration traffic to the Server - Guide of Administration Oracle Fusion Middleware for Oracle unified Directo...) that had this little introductory text: "You can manage the certificate in administration connector using external tools, such as the keytool utility."

To dig a little, I think that I came up with the correct sequence/steps to get this working.  Basically, I deleted the admin-cert leave two keystore: / admin/config-truststore and/config/admin-keystore.  I then imported the key pair that I created for the initial installation.  I also changed the /config/admin-keystore.pin to match the PIN that I used when creating the key file.

It seems to work, but I would like to know if it's the correct method and if there would be side effects to replace the certificate used by the connector to the Administration.

The exact measurements that I follow are below:

  1. Generate the key and key pair:
    1. keytool - genkeypair - dname "CN = server-cert, dc = myorg" - alias server-cert - keyalg RSA - keypass "myKeyPass" - storepass "myKeyPass" - keystore mykeystore.jks
  2. Generate the certificate request
    1. keytool - certreq-alias server-cert - mykeystore.jks - file myCertRequest.csr-keystore
  3. Get x 509 server certificate authority certificate (server.crt) and root CA Cert public (rootca.crt)
  4. Import the CA certificate root in keystore
    1. keytool-import - trustcacerts-alias root - file rootca.crt - keystore mykeystore.jks - storepass "myKeyPass.
  5. Import CA issued certificate into the keystore
    1. keytool-import - trustcacerts-alias server-cert-file server.crt - keystore mykeystore.jks - storepass "myKeyPass" - keypass "myKeyPass.
  6. Change keys to OUD Admin default truststore password
    1. keytool - storepasswd - keystore $OUD_INSTANCE/config/admin-truststore - storepass ' content to admin - keystore.pin'-'myKeyPass' new
  7. Change password for keystore from the keystore default admin OUD
    1. keytool - storepasswd - keystore $OUD_INSTANCE/config/admin-keystore - storepass ' content to admin - keystore.pin'-'myKeyPass' new
  8. Modify the password in clear text to the new keystore password
    1. Vim /$OUD_INSTANCE/config/admin-keystore.pin # replace with the new key [myKeyPass]
  9. Import the CA certificate root in default admin truststore OUD
    1. keytool-import-trustcacerts-alias root - file rootca.crt - keystore $OUD_INSTANCE/config/admin-truststore - storepass "myKeyPass.
  10. Import the cert of the CA root key by default OUD admin file
    1. keytool-import-trustcacerts-alias root - file rootca.crt - keystore $OUD_INSTANCE/config/admin-keystore - storepass "myKeyPass.
  11. Remove admin-certificate self-signed default admin truststore OUD
    1. keytool - delete - alias admin-cert - keystore $OUD_INSTANCE/config/admin-truststore - storepass "myKeyPass.
  12. Remove admin-certificate self-signed default OUD admin keystore
    1. keytool - delete - alias admin-cert - keystore $OUD_INSTANCE/config/admin-keystore - storepass "myKeyPass.
  13. CA issued import keypairs in keystore default Admin OUD
    1. keytool - importkeystore - srckeystore mykeystore.jks - destkeystore $OUD_INSTANCE/config/admin-keystore - srcstorepass "myKeyPass' - deststorepass 'myKeyPass" srcalias - Server-cert - destalias admin-cert - srckeypass 'myKeyPass' - destkeypass 'myKeyPass.
  14. CA issued import keypairs in default truststore OUD
    1. keytool - importkeystore - srckeystore mykeystore.jks - destkeystore $OUD_INSTANCE/config/admin-truststore - srcstorepass "myKeyPass' - deststorepass 'myKeyPass" srcalias - Server-cert - destalias admin-cert - srckeypass 'myKeyPass' - destkeypass 'myKeyPass.

Hello

This procedure is correct.

Expect administrative tools using admin port (for example dsreplication) invite you to trust the cert (new) server.

Note: This administrative action will be facilitated in a later version of OUD... Stay tuned.

Sylvain

Please mark this answer as correct or helpful, when it is appropriate to make it easier for others to find

Tags: Fusion Middleware

Similar Questions

  • IIS on Windows Server 2012 R2 8.5 sends error 401.2 when change password Administrator windows local, 500 errors

    IIS on Windows Server 2012 R2 8.5 sends error 401.2 when change password Administrator windows local, 500 errors

    This particular configuration is with Coldfusion 11. There is no errors in newspapers and the w3 service still works as are application pools. All websites and app pools run with transmission of authentication request.

    ColdFusion does not work with windows authentication and may be enforced as if reconfigured integrated instance to do this, if this isn't a matter of colfusion.

    Here is what I tried:

    1 I created a new user account with admin rights and disconnected and logged in as them and then make changes to the password on the server, and that didn't make a difference.
    2. I checked that all Web sites using the request pass through authentication.
    3. I checked that the application pool is also using the application-pass-through authentication.
    4. I looked to find errors in which case newspapers but don't see anything there either
    5. I also searched a failure in coldfusion logs and saw no more relevant here either, but I got colfusion running without IIS in any case.
    6. search of the roots of web for coded passwords hard and found nothing.

    If you have any ideas or any ideas let me know.

    Hello

    The question you posted would be better suited in the TechNet Forums. I would recommend posting your query in the TechNet Forums:

    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

  • I changed my administrative password and I forgot what I changed to. Now it is locked

    I changed my administrative password and I forgot what I changed to.  Now it is blocked.  Help.

    I changed my administrative password and I forgot what I changed to.  Now it is blocked.  Help.

    The following tutorial can help you get out of the jam.
     
    Regain access to your admin account using system restore
     
     
    Excerpt:
    Important note...
    This works in cases where you changed your password to something new and then has forgotten or deleted a user account by accident. So that this works, there must be a restore point from the system during which logging has managed for the account of the problem. In addition, this isn't a problem if you are in a domain environment because the domain administrator can always reset your password.
     
    If the above cannot stop, our hands are tied.
    This forum is strictly forbidden any person helping users to bypass the protection passwordd.
    Here is the link to this policy:
    Keep secure passwords - Microsoft strategy on move the passwords

  • My cousin has changed my administrative password. I have need to change and to put on "know how.

    I don't know how to change or what my cousin changed my administrative password.

    See: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/usercpl_change_password.mspx?mfr=true

    Or ask your cousin to show you or advise you on how to change the password it has established.

    Harold Horne / TaurArian [MVP] 2005-2011. The information has been provided * being * with no guarantee or warranty.

  • I just changed the administrator to standar account now the Dungeon of computer on request for the password that I continue to put the one I use to have but nothing happens whats rong whit this

    Just change the administrator account for standar now the computer keep on asking the password I continue to put the one I use to have but nothing happen how to find the password, usted an i have I removed it now what?

    Hello

    see if that can help you with this status has changed for the account

    worth a try

    You may be unable to connect to Windows Vista or Windows 7 in the following scenarios:

    • Scenario 1: You recently set a new password for the protected administrator account. However, you don't remember the password.
    • Scenario 2: You type the correct password. However, Windows Vista or Windows 7 does not accept the password because the system is damaged.
    • Scenario 3: You delete a protected administrator account. Now, you cannot connect to another administrator account.
    • Scenario 4: You change an administrator account protected with a standard user account. Now, you cannot connect to another administrator account.

    http://support.Microsoft.com/kb/940765

  • I changed my administrator account to standard account by mistake...

    Hello

    My Vista Home Premium has 1 account, an administrator account. I had the a/c turned off comments. By mistake I changed this 1 account for a standard account. Now every action that requires an administrator account is showing me a promt asking a computer ASP.Net account... password.

    I think that this asp.net account I had deleted or removed a year ago. I can not okey this prompt, I don't know what password to enter. So now that I'm stuck, I can't do something that requires admin rights.

    Help, please!

    Thank you

    Karl

    Hi, I'm having the same problem, I remember I changed my administrator password and I forgot.

    You do not have the same problem as redhalls.

    You have changed a new password and you forget what is the new password. Yes?
    If so, remember your old password?
    If Yes, try to use this tutorial:
    http://www.howtogeek.com/HOWTO/Windows-Vista/how-to-regain-access-to-your-administrator-account-in-Windows-Vista-using-system-restore/

    IMPORTANT NOTE: this works in cases where you changed your password to something new and then has forgotten or deleted a user account by accident. So that this works, there must be a restore point from the system during which logging has managed on behalf of problem for the benefit of other people looking for answers, please mark the suggestion as answer if it solves your problem.

  • change of administrator user account

    Windows Vista won't let me change my administrator user account

    How to change your account type: http://windows.microsoft.com/en-US/windows-vista/Change-a-users-account-type#. Note: You will need to use the administrator account to do this.

    Rifdhan

    If this is your answer, click on "Mark as answer" below. If it's useful, click on "Mark as useful" on the left.

  • How can I change the administrator password?

    I use a Windows 7 computer. I open cmd.exe to laugh and try, I've been on the standard user account, I changed the administrator password and I do not know. I don't have a reset boot disk.

    With a Dell with Windows 7, you press F8 at startup, not Ctrl + F11

    CTRL + f11 was for XP and Dell.

    "How to restore your Windows 7 computer to factory settings.

    http://www.Dell.com/support/troubleshooting/us/en/04/KCS/KcsArticles/ArticleView?docid=125843

    To restore your Windows 7 computer to factory settings

    1. Back up important files and data. If you do not back up your files, you will lose them.
    2. Turn off your computer.
    3. Disconnect everything but the monitor, keyboard, and mouse. This includes your:
      • Scanner
      • printer
      • modem or network cables
      • mobile phone and Tablet
      • Another external hard drive or USB flash drive
    4. If your laptop is docked, remove it from the docking station.
    5. When the Dell logo appears, press F8 several times to open the Advanced Boot Options.
      Note: If does not open the menu Options Options Advanced, boot wait for the Windows login prompt. Then, restart the computer and try again.


    6. Use the arrow keys to select repair your computer, and then press on entry.
    7. In the System Recovery Options menu, select a keyboard layout and click Next.

    8. To access the recovery options, log in as administrator and click OK to open the Dell Factory Image Restore .

    9. Depending on your configuration, you may need to select Dell Factory tools, then Dell Factory Image Restore.
    10. Click next to open the menu to confirm the deletion of data.

    11. Select the Yes, reformat hard drive and restore the system software of box condition factory and click Next.
      Note: The restore process begins and may take five or more minutes. A message appears when the operating system and the applications installed in the factory have been restored to the State of the plant.


    12. Once the complete restore operation, click Finish to restart the computer.

    13. Restore all data or programs that you want to back up files.
    14. See you soon.

  • How can I change my administrative settings?

    How do I change my administrative settings so I can patch my games?

    First of all I would like to know if you have found a mistake?
    If so, provide me with the error.
    If you have no administrator privileges and work on the standard user account, then it is not possible.

    Good luck!

  • I need help to change the administrative password

    How can I change the administrative password when the computer was a gift and I do not know the password. I need the password to set anything in the computer, including the time?

    Can you log on under an admin account - any admin account? If this isn't the case, then you must ask the former owner for the password.

  • You cannot change the administrator account

    Original title: sdasdasdas

    I ca't change on my computer, my OS is windows 7 when I try to change administrator, it asks for a password when I put my password it say "" connection failed: the user did not request type of login on this computer "for this reason I'm stock on my user account and I can not install all the tools" because he has an administrator privileges. pls help me. ?

    Hello

    It seems that you cannot change the administrator.

    Perform the steps mentioned below and see if it helps.

    a: Click Start and type gpedit.msc in the Start Search area and press on Enter.

    b: Navigate to the following location
    Computer configuration / Windows Settings / Security Settings / Local political

    c: Under this click user rights assignment.

    d: Double-click access this computer from the network and verify that EVERYONE is added to the list.

    e: Otherwise add it by clicking Add a user or group , and then type EVERYONE, click OK and then apply and OK.

    Hope this information helps.

  • Cannot change the administrator account!

    Hello. I need to change my administrator account so I can make changes to my accounts on the internet, but my internet provider told me I'm just a standard user in Windows 8 and I need to change it to the administrator. When I try to change my profile from standard user to administrator, Windows 8 doesn't let me, even if I am logged in under my account from Microsoft. How can I change this? It is quite frustrating!

    Hello. I need to change my administrator account so I can make changes to my accounts on the internet, but my internet provider told me I'm just a standard user in Windows 8 and I need to change it to the administrator. When I try to change my profile from standard user to administrator, Windows 8 doesn't let me, even if I am logged in under my account from Microsoft. How can I change this? It is quite frustrating!

    Hello

    You cannot use a Standard (Local) account to change the administrator account. You can only use an administrator for this account.

    Open the control panel (place the cursor on the bottom/left corner of the screen... and right click, select Control Panel from the menu

    In Control Panel, select user accounts.

    Select Manage another account.

    This will show all the user accounts on the computer. If there is an administrator account, it will show this designation.

    To log off and log on with an administrator account.

    Back to the account user/screen control.

    Select Manage another account , then select the Standard account you want to change.

    Select the option Change the account Type .

    Select the administrator option to change the account and click Change the account Type .

    If there is no other administrator account, let know us and we can try another method of recovery.

    Tell us what you find.

    Concerning

  • I can't seem to change the administrator password

    I need help to enter administrator password so user account control will not ask for administrator password

    Hello Louis,.

    Thanks for posting your question on the forum of the Microsoft community.

    I would like to know some information about the problem so that we can help you better.

    1. are you trying to disable user account control?
    2. what happens when you try to change the administrator password? You receive an error message?

    I suggest you try using the steps described in this article and check if it helps.

    What to do if you forget your Windows password
    http://Windows.Microsoft.com/en-us/Windows/what-do-forget-Windows-password#1TC=Windows-8

    I hope this information helps.

    Simply answer the required information and let us know if you need more help.

    Thank you

  • change an administrator

    Hello, need to know how to change an administrator

    Please sign in to your Adobe account, and then access the link that appears in the previous post.

  • How to change the administrator managed apple id?

    Hey,.

    I upgraded to the Manager of the school of Apple and entered the Apple ID used for DEP as administrator Managed Apple ID (ID One for all ;-)).

    Now, it is not possible to connect with this ID in the DEP. If I try to change the ID managed in the school of Apple Manager, I get the message "connection error".

    What I have to do, to get back to work Apple ID?

    Hello clausfromritterhude,

    Thanks for this info and choosing the communities Support from Apple. I know how important understanding Apple school Manager since update is for you! By this article from Apple:

    Upgrade your facility to the Manager of the school of Apple

    From what you have stated, this behavior is expected not to be able to connect to the DEP (device registration program). Here's a quote:

    "After completing the upgrade, you will use the Apple School Portal Manager to access your data. You will have access to the Apple site deployment after upgrading programs. »

    See you soon!

Maybe you are looking for