Erman Arslan's Oracle Forum EBS 12.2

adjkey cert *

classic Classic list List threaded Threaded
2 messages Options
Laurel
Reply | Threaded
Open this post in threaded view
|

adjkey cert *

Laurel
Hi Dear Erman!


Any advise on this error
java.lang.RuntimeException: java.io.IOException: DNSName components must begin with a letter

adjkey -certreq -sigalg SHA256withRSA -file adkeystore.csrĀ  -ext "SAN=dns:*.xx.xx"

this should be fixed in Java8 but EBS is not certified with Java 8 on ebs tier.
Any workaround  ?

I guess not to use * but generate  csr for each node own.. :)
OR
not to use SAN srting..

Best wishes, Laurel
ErmanArslansOracleBlog
Reply | Threaded
Open this post in threaded view
|

Re: adjkey cert *

ErmanArslansOracleBlog
Administrator
You get this during creating a CSR it seems. That s a validation rules of the relevant standards of that time --- RFC 1034 rules probably.

So, if you cannot use a wildcard, the safest (and most "compliant") path is to generate a CSR for the specific FQDN of the node.

But! if you are asking for a workaround, an idea; maybe you can bypass this CSR creating task. ( I m saying maybe:).. I mean changing the validator.
I mean you may use a different machine (having Java 8 -- a mature version of java 8),
and do those CSR things there and then import the resulting certificate here in EBS keystore, or alternatively you may do the entire tasks in that Java8, and then copy the resulting keystore, to EBS ..
But! I didn't try this. This may create compatibility problems. But if you want a thought experiment, then you got one:) Just saying.
Free forum by Nabble Edit this page