Adding a Certificate Request

You can add multiple certificate requests with Oracle Wallet Manager. When you add multiple requests, Oracle Wallet Manager automatically populates each subsequent request dialog box with the content of the initial request, which you can then edit.

The actual certificate request becomes part of the wallet. You can reuse any certificate request to obtain a new certificate. However, you cannot edit an existing certificate request. Store only a correctly filled out certificate request in a wallet.

To create a PKCS #10 certificate request:

  1. Start Oracle Wallet Manager.

    • (UNIX) At the command line, enter the following command:

      owm
      
    • (Windows) Select Start, Programs, Oracle-HOME_NAME, Integrated Management Tools, Wallet Manager.

  2. If the wallet is closed, then open it by selecting Open from the Wallet menu. When prompted, select the wallet directory location, and then enter your wallet password.

  3. From the Operations menu, select Add Certificate Request.

    The Create Certificate Request dialog box is displayed.

    The online Help for Oracle Wallet Manager becomes unresponsive when modal dialog boxes appear, such as the one for entering certificate request information. The online Help becomes responsive once the modal dialog box is closed.

  4. Enter the information specified in Table 6-7.

  5. Click OK.

    A message informs you that a certificate request was successfully created. You can either copy the certificate request text from the body of this dialog panel and paste it into an e-mail message to send to a certificate authority, or you can export the certificate request to a file. At this point, Oracle Wallet Manager has created your private/public key pair and stored it in the wallet. When the certificate authority issues your certificate, it is also stored in the wallet and associated with its corresponding private key.

  6. Click OK.

    The status of the certificate changes to [Requested].

Table 6-7 Certificate Request: Fields and Descriptions

| Field Name | Description |
|---|---|
| Common Name | Mandatory. Enter the name of the user's or service's identity. Enter a user's name in first name/last name format. Example: Eileen.Sanger |
| Organizational Unit | Optional. Enter the name of the identity's organizational unit. Example: Finance. |
| Organization | Optional. Enter the name of the identity's organization. Example: XYZ Corp. |
| Locality/City | Optional. Enter the name of the locality or city in which the identity resides. |
| State/Province | Optional. Enter the full name of the state or province in which the identity resides. Enter the full state name, because some certificate authorities do not accept two-letter abbreviations. |
| Country | Mandatory. Select Country to view a list of country abbreviations. Select the country in which the organization is located. |
| DN | Mandatory. Select the Algorithm (Key Size/Elliptic Curve) list to view a list of key sizes to use when creating the public/private key pair. Refer to Table 6-8 to evaluate the key size. |
| Advanced | Optional. Select Advanced to view the Advanced Certificate Request dialog panel. Use this field to edit or customize the identity's distinguished name (DN). For example, you can edit the full state name and locality. |

Table 6-8 lists the available key sizes and the relative security each size provides. Typically, CAs use key sizes of 1024 or 2048. When certificate owners wish to keep their keys for a longer duration, they choose 3072 or 4096 bit keys.

Table 6-8 Available Key Sizes

| Key Size | Relative Security Level |
|---|---|
| 512 or 768 | Not regarded as secure. |
| 1024 or 2048 | Secure. |
| 3072 or 4096 | Very secure. |
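
Because a request cannot be edited once it is stored in the wallet, it is worth checking the exported request file before sending it to the certificate authority. The script below is an added example, not part of the Oracle documentation: it uses the OpenSSL command-line tool (an assumption; Oracle Wallet Manager does not require it) to confirm that the request's self-signature verifies, that the mandatory Common Name and Country fields from Table 6-7 are present, and that the key meets a minimum size. The function name `check_csr`, the 2048-bit default (public CAs that follow the CA/Browser Forum Baseline Requirements reject smaller RSA keys), and the sample request are all constructed for this example.

```shell
#!/bin/sh
# check_csr FILE [MIN_BITS]: print one line per problem, return 0 only if clean.
# Hypothetical helper for this example. Assumes an RSA key; the 2048-bit
# default is this example's choice, not a value taken from the page.
check_csr() {
    csr=$1; min_bits=${2:-2048}; rc=0

    # 1. The request's self-signature must verify. Match on the message text
    #    because some OpenSSL releases exit 0 even when verification fails.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "self-signature does not verify"; rc=1
    fi

    # 2. Common Name and Country are the mandatory DN fields in Table 6-7.
    subject=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 \
              2>/dev/null | sed 's/^subject= *//')
    for attr in CN C; do
        case ",$subject" in
            *",$attr="*) ;;
            *) echo "missing mandatory DN field: $attr"; rc=1 ;;
        esac
    done

    # 3. Key size, read from the public key embedded in the request.
    bits=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null |
           openssl pkey -pubin -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "key size ${bits:-unknown} is below the $min_bits-bit minimum"; rc=1
    fi
    return $rc
}

# Constructed sample standing in for a request exported from the wallet.
demo=$(mktemp -d)
openssl req -new -newkey rsa:2048 -nodes -keyout "$demo/key.pem" \
    -subj "/C=US/O=XYZ Corp/OU=Finance/CN=Eileen.Sanger" \
    -out "$demo/sample.csr" 2>/dev/null
check_csr "$demo/sample.csr" && echo "sample.csr: ready to send"
```

For an elliptic-curve request the reported size is the curve size, so pass a matching minimum (for example 256) as the second argument.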