TLS, EBS 12.2.14 and cert

Laurel
Hi Dear Erman!

I have a problem interpreting the note TLS 12-2 1367293.1.
We currently have TLS v1.0, v1.2 v1.2 enabled with the old certificate. That certificate and authority will stop working in 1/2 year.

We need to change to only TLS v1.2, so we applied all patches mentioned in 1367293.1.
Then we created a new identity wallet (step 10.2) and sent the request for a new certificate to the authority.
We got back a pfx type and did the steps in 10.1.
So those steps in 10.1 created a new cwallet.so, and then I will use this new one (and remove the one I created in 10.2 first to get the request sent).
Correct?

Then I don't understand what I should do about this:
In section 8, about the old location of the wallet for OPMN and OHS..
Previous wallet locations:
    <s_ohs_instance_loc>/config/OHS/<s_ohs_component>/keystores/default
    <s_ohs_instance_loc>/config/OHS/<s_ohs_component>/proxy-wallet
    <s_ohs_instance_loc>/config/OPMN/opmn/wallet
    $EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/<s_ohs_component>/wallet
    $EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/wallet
The old certificate is not using MD5withRSA, so we will not have the problem with MD5withRSA, but the certificate will be expired. So should I remove the old cwallet.so from the above locations and then put in the new one that I extracted from the pfx in step 10.1?

Do you see a problem if, for EBS used internally only, I skip enabling "TLS for the WLS admin server" (5.5)? I know that I will get "unsecure" in Edge.. but apart from that...?

Thx a lot!
take care!
Laurel

Re: TLS, EBS 12.2.14 and cert

ErmanArslansOracleBlog
Administrator
Hi Laurel,

It's been a while since I last messed with pfx's. But I checked the note and you are asking the right question :)

10.1 is for getting the crt out of the pfx: creating a jks, creating a wallet, converting that jks to the wallet, and exporting the cert(s) to crt.
10.2 is the standard procedure.

So you gotta combine those.

You have 2 options:

1)
Create the wallet and follow the standard routine for creating the certificate request. Once you have the pfx certificates, convert them to crt and then import them to the wallet.
The wallet's final location will be <s_ohs_instance_loc>/config/OHS/<s_ohs_component>/keystores/default.
So you start with step 10.2, then go with step 10.1, and then you go back to step 10.2 and finish.

2)
Create the wallet by following 10.1 and get your crt files by exporting them as given in those steps. Then, you create a CSR and import your crt(s) to that wallet.
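
The thread deals with a new certificate delivered as a pfx, an old one that is about to expire, and the MD5withRSA concern from the note. As an added example (not part of the thread and not taken from Oracle's note), this shell script checks the certificate inside a pfx for an MD5-based signature and for remaining validity before it goes into the wallet. The file names, password, host name and day thresholds are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-deployment checks on a CA-delivered PFX (uses only the openssl CLI).

# True if the OpenSSL signature-algorithm name is MD5-based (the MD5withRSA case).
is_weak_sigalg() {
  case "$1" in md5*) return 0 ;; *) return 1 ;; esac
}

# Print the leaf certificate (PEM) held in a PKCS#12 file. $1 = pfx, $2 = password
pfx_leaf_cert() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys 2>/dev/null |
    openssl x509 -outform PEM 2>/dev/null
}

# $1 = pfx, $2 = password, $3 = minimum remaining validity in days.
# Returns 0 if both checks pass, 1 if a check fails, 2 if the pfx cannot be read.
check_pfx_cert() {
  local pem sigalg rc=0
  pem=$(pfx_leaf_cert "$1" "$2") || { echo "FAIL: cannot read a certificate from $1"; return 2; }
  sigalg=$(printf '%s\n' "$pem" | openssl x509 -noout -text |
    awk -F': *' '/Signature Algorithm/ { print $2; exit }')
  if is_weak_sigalg "$sigalg"; then
    echo "FAIL: signature algorithm $sigalg"; rc=1
  else
    echo "OK: signature algorithm $sigalg"
  fi
  if printf '%s\n' "$pem" | openssl x509 -noout -checkend "$(( $3 * 86400 ))" >/dev/null; then
    echo "OK: valid for at least $3 more days"
  else
    echo "FAIL: expires within $3 days"; rc=1
  fi
  return "$rc"
}

# Constructed sample input: a throwaway self-signed certificate packed as a PFX.
# $1 = output directory, $2 = validity in days, $3 = password
make_demo_pfx() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$2" \
    -subj "/CN=ebs.example.com" -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/demo.key" -in "$1/demo.crt" \
    -passout "pass:$3" -out "$1/demo.pfx"
}

# Demo on constructed input: a 90-day certificate checked against a 180-day minimum.
demo_dir=$(mktemp -d)
make_demo_pfx "$demo_dir" 90 changeit
check_pfx_cert "$demo_dir/demo.pfx" changeit 180 || echo "=> do not deploy this certificate"
rm -rf "$demo_dir"
```
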