Renew certificates in OAM 10.1.4.3

I’m working on an OAM 10.1.4.3 environment that is set up in CERT mode. I noticed that the OAM Servers had stopped working and were not coming up. On investigation, I found that the OAM certificates had expired.

Here are the steps to renew the certificates:

  1. Get the new certificates.
  2. Prepare them as ois_cert.pem, ois_key.pem and ois_chain.pem for the Identity Server and WebPass. Keep the private key password handy. Similarly, prepare aaa_key.pem, aaa_cert.pem, aaa_chain.pem and aaa_server.pem for the Access Server, Policy Manager and WebGates.
  3. Place the above certs in <identity>/oblix/config or <access>/oblix/config, as appropriate.
  4. Open the password.xml file in the <OAM_Component>/oblix/config folder and note that the password in it is stored encrypted.
  5. Use the obencrypt.exe tool, which is available in the OAM 10.1.4.0.1 WebGates (and not in higher versions), and run the command obencrypt.exe key_pwd
  6. The command outputs the encrypted password.
  7. Place this encrypted password in password.xml.
  8. Restart OAM Identity and Access Servers along with WebServer.

NOTE: There is a different way to renew the certificates, using configure_AAA_Server, which encrypts the key password behind the scenes, but I am not covering it here.
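Before the restart in step 8, it helps to confirm that the renewed files are not close to expiry, that the key decrypts with the password and matches the certificate, and that the certificate verifies against the chain file. The shell function below is an added example, not part of the original post or of OAM. It assumes the openssl CLI is installed, that the key password is exported in a KEY_PWD environment variable (hypothetical name), and that the chain file holds the CA chain up to the root.

```shell
#!/usr/bin/env bash
# Added example: sanity checks for a renewed OAM PEM set before restarting.
# Assumption: the private key password is in the KEY_PWD environment variable
# (hypothetical name), so it never appears in the process list.

# check_pem_set DIR PREFIX [MIN_DAYS]
#   DIR     config folder, e.g. <identity>/oblix/config
#   PREFIX  ois or aaa
# Returns 0 = all checks pass, 1 = file missing, 2 = expired or expiring,
#         3 = key unreadable or mismatched, 4 = chain verification failed.
check_pem_set() {
    local dir="$1" prefix="$2" min_days="${3:-30}"
    local cert="$dir/${prefix}_cert.pem"
    local key="$dir/${prefix}_key.pem"
    local chain="$dir/${prefix}_chain.pem"
    local f cert_pub key_pub

    for f in "$cert" "$key" "$chain"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
    done

    # 1. The certificate must stay valid for at least MIN_DAYS more days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "$cert expires within $min_days days" >&2; return 2; }

    # 2. The key must decrypt with KEY_PWD and carry the same public key
    #    as the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$key" -passin env:KEY_PWD -pubout 2>/dev/null) \
        || { echo "cannot read $key with the supplied password" >&2; return 3; }
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "$key does not match $cert" >&2; return 3; }

    # 3. The certificate must verify against the CA chain file.
    openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1 \
        || { echo "$cert does not verify against $chain" >&2; return 4; }

    return 0
}
```

Run it once per component, for example with the Identity Server config folder and the prefix ois, then with the Access Server config folder and the prefix aaa.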

About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience with products such as Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look @ my blog: http://talkidentity.blogspot.com