Oracle Web Server

In this first step you generate a request for Digi-Sign to issue a certificate. It involves generating a public/private key-pair and identifying the server, the organization using it, and its Webmaster. The private key is encrypted and should never leave your server, except for backup purposes. The public key will become part of the certificate and is therefore sent to Digi-Sign, together with the rest of the information identifying your organization and your server.

To generate a certificate request, you will run the interactive utility genreq and enter the information for which it prompts you.

When the prompt specifies a default value, you can just press return to enter that value, or enter a different value if you prefer.

For an example of how to use genreq, see the following sample genreq session. Before you start, create a directory to store all SSL related files in, for example $ORACLE_HOME/ows2/ssl. To avoid typing long path names or moving files later, you can start genreq from this directory. To run genreq, do the following:

• Start genreq, located in $ORACLE_HOME\OWS20\BIN on NT (typically c:\orant\ows20\bin) and $ORACLE_HOME/ows2/bin on UNIX:
• Type G to begin creating a certificate request:
• When prompted, type a password (minimum of 8 characters), used in encrypting your private key. Remember this password.
• Retype the password for confirmation. If the password does not match, genreq will not warn you, it will just repeat step 3.
• Choose the public exponent you want to use one in generating the key pair. The only two recognized exponents are 3 and 65537, commonly called Fermat 4 or F4.
• Enter the size in bits of the modulus you want to use in generating the key pair. For the version of genreq sold in the United States of America, the size may be from 1 to 2048. The default size is 768 bits and the maximum is 2048 bits. A modulus size of 2048 is recommended for most browsers and also by Digi-Sign. For versions of genreq sold outside the USA, the maximum (and default) modulus size is 512 bits. (NOTE: 2048 bits would be equal to a 256 bit encryption)
• Choose one of three methods for generating a random seed to use in generating the key pair:
• Random file: genreq prompts you to enter the full pathname of a file in your local file system. This can be any file that is at least 256 bytes in size, does not contain any secret information, and has contents that cannot easily be guessed (on UNIX, you can use /var/adm/messages, on NT you can use \WINNT\System32\config\AppEvent.Evt)
• Random key sequences: genreq prompts you to enter random keystrokes. Genreq uses the variation in time between keystrokes to generate the seed. Do not use the keyboard's auto repeat capability, and do not wait longer than two seconds between keystrokes. Genreq prompts you when you have typed enough keystrokes. You must delete any unused characters typed after this prompt.
• Both: genreq prompts you to enter both a file name and random keystrokes. This option is recommended.



The next three steps will tell genreq where it should write certain files. If you have created an SSL directory and have started genreq from this directory, you can accept the defaults. Otherwise, you may want to include full pathnames, or plan to move the files that genreq created later.

• Enter the name of a file in which to store your WebServer's distinguished name. You can choose the default, or enter any filename with a .der extension. Genreq creates this file in the current directory, though you may later move it to any convenient location.
• Enter the name of a file in which to store your WebServer's private key. You can choose the default, or enter any filename with a .der extension. Genreq creates this file in the current directory, though you may later move it to any convenient location.
• Enter the name of a file in which to store the certificate request. You can choose the default, or enter any filename with a .pkc extension.
• Enter the requested identification information for your organization:
• Common Name - The fully qualified host name of your organization's Internet point of presence as defined by the Domain Name Service (DNS). Example: www.yoursitename.com [2]
• Organizational Unit (optional) - The name of the group, division, or other unit of your organization responsible for your Internet presence, or an informal or shortened name for your organization. Example: Marketing Department
• Organization - The official, legal name of your company or organization. Most CAs [3] require you to verify this name by providing official documents, such as a business license. Example: My Company Inc.
• Locality - (optional) The city, principality, or country where your organization is located. Example: Montreal
• State or Province - The full name of the state or province where your organization is located. Digi-Sign does not accept abbreviations. Example: Quebec
• Country - The two-character ISO-format abbreviation for the country where your organization is located. The country code for Example: Canada is CA
• WebMaster's Name - The name of the Web Master responsible for the site. This person will serve as a technical contact. Example: Sergio Leunissen
• WebMaster's Email Address-The email address where Digi-Sign can contact the Web Master. Example: sleuniss@yoursitename.com [4]
• Server Software Version - The name and version number of the application for which you are getting the certificate (you should accept the default value).