Managing Certificates with obcm
Managing Security for Backup Networks 6-21
Managing Certificates with obcm
This section explains how to use the obcm utility. You can use this utility to import
certificates, export certificates, and export certificate requests.
You must use obcm when you add hosts in the domain in manual rather than
automated certificate provisioning mode. In this case, the Certification Authority
(CA) does not issue a signed certificate to a host over the network, so you must export
the signed certificate from the administrative server, manually transfer the certificate
to the newly configured host, and then import the certificate into the host's wallet.
Both an identity certificate and a wallet exist as files on the operating system. The
operating system user running obcm must have write permissions in the wallet
directory. By default, the wallet used by Oracle Secure Backup is located in the
following locations:
■ /usr/etc/ob/wallet (UNIX and Linux)
■ C:\Program Files\Oracle\Backup\db\wallet (Windows)
The obcm utility always accesses the wallet in the preceding locations. You cannot
override the default location.
Exporting Signed Certificates
You can use obcm on the administrative server to export a signed certificate for a
newly configured host.
To export a signed identity certificate:
1. Log on to the administrative server.
2. Assuming that your PATH variable is set correctly, enter obcm at the operating
system command line to start the obcm utility. The operating system user running
obcm must have write permissions in the wallet directory.
3. Enter the following command, where hostname is the name of the host
requesting the certificate and certificate_file is the filename of the exported
request:
export --certificate --file certificate_file --host hostname
For example, the following command exports the signed certificate for host
brhost2 to file /tmp/brhost2_cert.f:
export --certificate --file /tmp/brhost2_cert.f --host brhost2
Importing Signed Certificates
You can use obcm on the host to import a signed certificate into the host's wallet.
To import a signed identity certificate into the wallet of a host:
1. Log on to the host whose wallet contains the certificate.
2. Assuming that your PATH variable is set correctly, enter obcm at the operating
system command line to start the obcm utility. The operating system user running
obcm must have write permissions in the wallet directory.
3. Copy the signed identity certificate to a temporary location on the file system.
4. Enter the following command at the obcm prompt, where signed_
certificate_file is the filename of the certificate:
To Next Page
Loading...
Need help?
General