Posted by Laurel on Nov 02, 2024; 1:32pm
URL: http://erman-arslan-s-oracle-forum.124.s1.nabble.com/TLS-EBS-12-2-14-and-cert-tp12726.html

Hi Dear Erman!

I have a problem with interpreting   the note TLS 12-2 1367293.1
We have  currenty TLS v1.0, v1.2 v1.2 enabled p  with the old certificate. That certificate and authorty will stop working in 1/2 year.

We need  to change to only TLS v1.2 . So applied all patches mentioned in 1367293.1
Then  created new identity wallet  10.2 step and sent to authority the request new certificate
We got back pfx type  and  did the steps in 10.1
So  those steps in 10.1 created new cwallet.so  and then I will use this new one ( and remove the one i created in 10.2 first to get request sent )
Correct ?

Then i dont understand what should i do  about this:
In section 8 about  old location  of wallet for OPMN and OHS..
Previous wallet locations:
    <s_ohs_instance_loc>/config/OHS/<s_ohs_component>/keystores/default
    <s_ohs_instance_loc>/config/OHS/<s_ohs_component>/proxy-wallet
    <s_ohs_instance_loc>/config/OPMN/opmn/wallet
    $EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/<s_ohs_component>/wallet
    $EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/wallet
the old certificate not using  MD5withRSA .  So  will not have the problem with MD5withRSA, but the certificate will be expired.  So should i remove from  above locations old cwallet.so  and the put  the new one that i got extracted  from pfx  in 10.1  step ?

Do you see problem  IF for  EBS  used internally only that  i will skip enabling  "TLS for the WLS admin server"  (5.5) ? I know that i will get unsecure in edge.. but apart from that... ?

thx alot!
take care!
Laurel