OTD: Installing a public certificate

To install a certificate into the software load balancer (SLB) Oracle Traffic Director 12c 12.2.1.2 running on the Oracle Public Cloud, you need:

  • The certificate certificate.cer, in pem format
  • The intermediate certificate intermediate.cer, in pem format
  • The root certificate root.cer, in pem format
  • The PFX certificate.pfx, in pfx format, along with its password
  • The certificate private key privatekey.txt

Transfer these files to the SLB host.

Proceed as follows to generate the combined certificate chain:

cat certificate.cer intermediate.cer root.cer >combined.cer

Then generate the identity store as follows:

. /u01/data/otd-instance/otd_domain/bin/setDomainEnv.sh

export LPATH=<WORK DIRECTORY>
# Remove any keystore left over from a previous run (-f: no error if absent)
rm -f "${LPATH}/new_identity_keystore.jks"

echo "Convert the pfx, including both the key and the certificate, into a pem file"
# -nodes writes the private key unencrypted; delete temp_certificate.crt once the keystore is built
openssl pkcs12 -in "${LPATH}/certificate.pfx" -out "${LPATH}/temp_certificate.crt" -nodes

echo "Generating the new identity key store"
java utils.ImportPrivateKey -keystore "${LPATH}/new_identity_keystore.jks" -storepass welcome1 -storetype JKS -keypass welcome1 -alias <cert alias> -certfile "${LPATH}/temp_certificate.crt" -keyfile "${LPATH}/privatekey.txt" -keyfilepass <pfx password>

Next, import the identity keystore and then the combined certificate chain via WLST:

"$ORACLE_HOME/oracle_common/common/bin/wlst.sh"

connect('weblogic','<wls_password>',"t3s://localhost:8989")

svc = getOpssService('KeyStoreService')
svc.importKeyStore(appStripe='OTD', name='opc-config', password='', aliases='<cert alias>', keypasswords='welcome1', type='JKS', filepath='new_identity_keystore.jks',permission=true)
svc.importKeyStoreCertificate(appStripe='OTD', name='opc-config', password='', alias='<cert alias>', keypassword='', type='CertificateChain', filepath='combined.cer')


From now on, the certificate <cert alias> can be used with any SSL listener configured with OTD.
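
Before running the import, it is worth confirming that combined.cer is ordered certificate, intermediate, root and that privatekey.txt belongs to certificate.cer. The script below is an added example, not part of the original post; the function names, the script name check_chain.sh and the KEY_PASS environment variable are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and KEY_PASS
# are assumptions; the file names follow the post.

# chain_in_order BUNDLE
# Succeeds only if each certificate in the PEM bundle names the next one as
# its issuer and the last one is self-issued (the root). It compares name
# hashes, so it checks ordering, not signatures.
chain_in_order() {
  cio_dir=$(mktemp -d) || return 2
  # Split the bundle into c1.pem, c2.pem, ... and print how many were found.
  cio_n=$(awk -v d="$cio_dir" '
    /-----BEGIN CERTIFICATE-----/ { n++ }
    n { print > (d "/c" n ".pem") }
    END { print n + 0 }' "$1")
  cio_rc=0
  [ "$cio_n" -ge 1 ] || cio_rc=2
  cio_i=1
  while [ "$cio_rc" -eq 0 ] && [ "$cio_i" -le "$cio_n" ]; do
    # The last certificate is compared with itself, the others with the next.
    cio_next=$cio_i
    [ "$cio_i" -lt "$cio_n" ] && cio_next=$((cio_i + 1))
    cio_issuer=$(openssl x509 -in "$cio_dir/c$cio_i.pem" -noout -issuer_hash)
    cio_subject=$(openssl x509 -in "$cio_dir/c$cio_next.pem" -noout -subject_hash)
    if [ -z "$cio_issuer" ] || [ "$cio_issuer" != "$cio_subject" ]; then
      echo "certificate $cio_i is not issued by certificate $cio_next" >&2
      cio_rc=1
    fi
    cio_i=$((cio_i + 1))
  done
  rm -rf "$cio_dir"
  return "$cio_rc"
}

# key_matches_cert CERT KEY
# Succeeds only if the public key in CERT equals the one derived from KEY.
# For an encrypted key, export KEY_PASS first (read via -passin env:).
key_matches_cert() {
  kmc_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  kmc_key=$(openssl pkey -in "$2" -pubout ${KEY_PASS:+-passin env:KEY_PASS}) || return 2
  [ "$kmc_cert" = "$kmc_key" ]
}

# Usage: sh check_chain.sh combined.cer privatekey.txt
if [ "$#" -eq 2 ]; then
  chain_in_order "$1" && key_matches_cert "$1" "$2" && echo "chain order and key OK"
fi
```

Exporting KEY_PASS keeps the key password off the command line, where other local users could read it from the process list.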