Configuring Security for the Administrative Domain
6-18 Oracle Secure Backup Installation and Configuration Guide
7. Copy the signed identity certificate to a temporary location on the file system.
8. Enter the following command at the obcm prompt, where
signed_certificate_file is the filename of the certificate:
import --file signed_certificate_file
Because only one Oracle Secure Backup wallet exists on the host, you are not
required to specify the --host option. For example, the following command
imports the certificate from /tmp/brhost2_cert.f:
import --file /tmp/brhost2_cert.f
The obcm utility issues an error message if the certificate being imported does not
correspond to the certificate request in the wallet.
9. Remove the certificate file from its temporary location on the operating system.
For example:
rm /tmp/brhost2_cert.f
The obcm utility checks that the public key associated with the certificate for the host
corresponds to the private key stored in the wallet with the certificate request. If the
keys match, then the host is a member of the domain. If the keys do not match, then an
attacker probably attempted to pass off their own host as the host during processing of
the mkhost command. You can run the mkhost command again after the rogue host
has been eliminated from the network.
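The same correspondence check can be run by hand before step 8, and the key size of the signed certificate read at the same time. The following shell script is an added example, not part of the Oracle documentation or of obcm; it assumes the certificate request and the signed certificate are PEM-encoded files readable by the openssl command (the page does not state the format), and it uses constructed RSA keys and a throwaway CA as sample input.

```shell
#!/bin/sh
# Added example, not Oracle code. Assumes PEM files and the openssl CLI.

# Returns 0 only if the certificate in $1 carries the same public key as the
# certificate request in $2; 1 = different key, 2 = unreadable input.
cert_matches_request() {
    cert_key=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    req_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$cert_key" ] || return 2
    [ "$cert_key" = "$req_key" ] || return 1
}

# Prints the key size in bits of the certificate in $1.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p'
}

# Builds constructed inputs in directory $1: a throwaway CA, then a request
# and signed certificate for "brhost2" and for an unrelated key ("other").
make_constructed_inputs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -out "$d/ca.crt" -subj "/CN=constructed-ca" -days 1 2>/dev/null
    for h in brhost2 other; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$h.key" \
            -out "$d/$h.csr" -subj "/CN=$h" 2>/dev/null
        openssl x509 -req -in "$d/$h.csr" -CA "$d/ca.crt" \
            -CAkey "$d/ca.key" -set_serial 1 -days 1 \
            -out "$d/$h.crt" 2>/dev/null
    done
}

# Demo: only brhost2.crt answers brhost2.csr; other.crt must be rejected.
tmp=$(mktemp -d) && make_constructed_inputs "$tmp"
for c in brhost2 other; do
    if cert_matches_request "$tmp/$c.crt" "$tmp/brhost2.csr"; then
        echo "$c.crt: key matches request, $(cert_key_bits "$tmp/$c.crt") bits"
    else
        echo "$c.crt: key does not match request, do not import"
    fi
done
rm -rf "$tmp"
```

A return value of 1 from cert_matches_request is the mismatch case for which obcm issues an error on import.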
Setting the Size for Public and Private Keys
As a general rule, the larger the sizes of the public key and the private key, the more
secure they are. On the other hand, the smaller the key, the better the performance.
The default key size for all hosts in the domain is 1024 bits. If you accept this default,
then you are not required to perform any additional configuration.
Oracle Secure Backup enables you to set the key to any of the following bit values,
which are listed in descending order of security:
■ 4096
■ 3072
■ 2048
■ 1024
■ 768
■ 512
This section contains these topics:
■ Setting the Key Size in obparameters
■ Setting the Key Size in the certkeysize Security Policy
■ Setting the Key Size in mkhost
Setting the Key Size in obparameters
The obparameters file specifies the default key size in the security policy, which,
if used, is set up during the installation process. The key size for all hosts in the domain
defaults to this value.