Configuring Security for the Administrative Domain
Managing Security for Backup Networks 6-17
Configuring Media Servers and Clients
Oracle Secure Backup creates security credentials for a host when you use the Oracle
Secure Backup Web tool or run the mkhost command in obtool to configure the host.
The procedure differs depending on whether you add hosts in automated or manual
certificate provisioning mode.
Automated Certificate Provisioning Mode
If you create the hosts in automated certificate provisioning mode, then you are not
required to perform additional steps. Oracle Secure Backup creates the wallet, keys,
and certificates for the host automatically as part of the normal host configuration.
Manual Certificate Provisioning Mode
You must use the obcm utility when you add hosts in the domain in manual rather
than automated certificate provisioning mode. In this case, the certificate authority
does not issue a signed certificate to a host over the network, so you must export the
signed certificate from the administrative server, manually transfer the certificate to
the newly configured host, and then import the certificate into the host's wallet.
Both an identity certificate and a wallet exist as files on the operating system. The
operating system user running obcm must have write permissions in the wallet
directory. By default, the wallet used by Oracle Secure Backup is located in the
following locations:
■ /usr/etc/ob/wallet (UNIX and Linux)
■ C:\Program Files\Oracle\Backup\db\wallet (Windows)
The obcm utility always accesses the wallet in the preceding locations. You cannot
override the default location.
If you choose to add hosts in manual certificate provisioning mode, then you must
perform the following steps for each host:
1. Log on to the administrative server.
2. Assuming that your PATH variable is set correctly, enter obcm at the operating
system command line to start the obcm utility. The operating system user running
obcm must have write permissions in the wallet directory.
3. Enter the following command, where hostname is the name of the host
requesting the certificate and certificate_file is the filename of the exported
certificate:
    export --certificate --file certificate_file --host hostname
For example, the following command exports the signed certificate for host
brhost2 to file /tmp/brhost2_cert.f:
    export --certificate --file /tmp/brhost2_cert.f --host brhost2
4. Copy the signed identity certificate to some type of physical media and physically
transfer the media to the host.
5. Log on to the host whose wallet contains the certificate.
6. Assuming that your PATH variable is set correctly, enter obcm at the operating
system command line to start the obcm utility. The operating system user running
obcm must have write permissions in the wallet directory.
See Also: "Determining the Distribution Method of Host Identity
Certificates" on page 6-7
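The manual transfer in steps 3 through 6 depends on the certificate file arriving unchanged and on the wallet directory being writable by the user who runs obcm. The following shell functions are an added example, not part of the Oracle Secure Backup documentation or tooling. They check both conditions; the function names are hypothetical and the paths in the usage comments are the ones shown above.

```shell
#!/bin/sh
# Added example: checks around the manual certificate transfer.
# Function names are hypothetical; nothing here calls obcm itself.

# Print the SHA-256 digest (hex only) of a file.
cert_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Succeed only if the wallet directory exists and the current operating
# system user can write to it, which obcm requires.
wallet_writable() {
    [ -d "$1" ] && [ -w "$1" ]
}

# Succeed only if the transferred file is a non-empty regular file (not a
# symbolic link) whose digest matches the value recorded on the
# administrative server.
verify_transfer() {
    file=$1 expected=$2
    [ -f "$file" ] && [ ! -L "$file" ] && [ -s "$file" ] || return 1
    actual=$(cert_digest "$file") || return 1
    [ "$actual" = "$expected" ]
}

# On the administrative server, after the export in step 3:
#   cert_digest /tmp/brhost2_cert.f     # record the value separately from the media
# On the host, before working with the wallet in obcm:
#   wallet_writable /usr/etc/ob/wallet || echo "wallet directory not writable" >&2
#   verify_transfer <copied_file> <recorded_digest> || echo "digest mismatch" >&2
```

Carry the recorded digest by a different route than the media itself, so that a modified file cannot be accompanied by a matching digest.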