To install a certificate into the soft load balancer Oracle Traffic Director 12c 12.2.1.2 running on the Oracle Public Cloud, you need:
- The certificate certificate.cer, in PEM format
- The intermediate certificate intermediate.cer, in PEM format
- The root certificate root.cer, in PEM format
- The PFX file certificate.pfx, in PFX format, along with its password
- The certificate private key privatekey.txt
Transfer these files to the SLB host.
Proceed as follows to generate the combined certificate chain:
cat certificate.cer intermediate.cer root.cer >combined.cer
Then generate the identity store as follows:
. /u01/data/otd-instance/otd_domain/bin/setDomainEnv.sh
export LPATH=<WORK DIRECTORY>
# -f: do not fail when no previous keystore exists
rm -f "${LPATH}/new_identity_keystore.jks"
echo "Convert the pfx, including both the key and the certificate into a pem file"
# -nodes writes the private key unencrypted; delete temp_certificate.crt once the import is done
openssl pkcs12 -in "${LPATH}/certificate.pfx" -out "${LPATH}/temp_certificate.crt" -nodes
echo "Generating the new identity key store"
java utils.ImportPrivateKey -keystore "${LPATH}/new_identity_keystore.jks" \
  -storepass welcome1 -storetype JKS -keypass welcome1 -alias <cert alias> \
  -certfile "${LPATH}/temp_certificate.crt" -keyfile "${LPATH}/privatekey.txt" \
  -keyfilepass <pfx password>
Then import the identity keystore, followed by the combined certificate chain, via WLST:
"$ORACLE_HOME/oracle_common/common/bin/wlst.sh"
connect('weblogic','<wls_password>',"t3s://localhost:8989")
svc = getOpssService('KeyStoreService')
svc.importKeyStore(appStripe='OTD', name='opc-config', password='', aliases='<cert alias>', keypasswords='welcome1', type='JKS', filepath='new_identity_keystore.jks', permission=true)
svc.importKeyStoreCertificate(appStripe='OTD', name='opc-config', password='', alias='<cert alias>', keypassword='', type='CertificateChain', filepath='combined.cer')
From now on, the certificate <cert alias> can be used with any SSL listener configured with OTD.
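
The cat step above assumes the three files are concatenated leaf first, then intermediate, then root, and the keystore step assumes the private key belongs to certificate.cer. The shell functions below check both with openssl before anything is imported; they are an added example, not part of the original post, and the function names and the throwaway chain built by make_demo_chain are assumptions made for illustration.

```shell
# Added example, not from the original post. Function names are hypothetical.

# chain_in_order BUNDLE: succeed only if each certificate in the PEM bundle
# names the next one as its issuer and the last one is self-issued (the root).
# This compares issuer/subject names only; it does not verify signatures.
chain_in_order() {
  local tmp n i next issuer subject rc=0
  tmp=$(mktemp -d) || return 2
  # One file per certificate, numbered in bundle order.
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++} n {print > (d "/" n ".pem")}' "$1"
  n=$(($(ls "$tmp" | wc -l))); i=1
  [ "$n" -ge 1 ] || rc=2
  while [ "$rc" -eq 0 ] && [ "$i" -le "$n" ]; do
    next=$((i + 1)); [ "$next" -le "$n" ] || next=$i
    issuer=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer_hash) || rc=2
    subject=$(openssl x509 -in "$tmp/$next.pem" -noout -subject_hash) || rc=2
    if [ "$rc" -eq 0 ] && [ "$issuer" != "$subject" ]; then
      echo "certificate $i is not issued by certificate $next" >&2; rc=1
    fi
    i=$((i + 1))
  done
  rm -rf "$tmp"; return "$rc"
}

# key_matches_cert CERT KEY [PASSIN]: succeed only if KEY holds the private key
# of the first certificate in CERT. PASSIN is an OpenSSL pass phrase source
# (file:PATH or env:VAR) and is only needed for an encrypted key.
key_matches_cert() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -passin "${3:-pass:}" -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# make_demo_chain DIR: constructed throwaway chain (demo names, 1-day validity)
# laid out with the post's file names, so the checks above can be tried offline.
make_demo_chain() {
  local d="$1" pair name ca
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo root" \
    -keyout "$d/root.key" -out "$d/root.cer" 2>/dev/null || return 1
  for pair in intermediate:root certificate:intermediate; do
    name=${pair%%:*}; ca=${pair##*:}
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo $name" \
      -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/$name.csr" -CA "$d/$ca.cer" -CAkey "$d/$ca.key" \
      -CAcreateserial -days 1 -out "$d/$name.cer" 2>/dev/null || return 1
  done
  cat "$d/certificate.cer" "$d/intermediate.cer" "$d/root.cer" > "$d/combined.cer"
}
```

On the SLB host, run chain_in_order combined.cer and key_matches_cert certificate.cer privatekey.txt before starting WLST; a non-zero exit status means the input files should be rebuilt first.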