Return-Path: Delivered-To: 2-oracle-l@orafaq.com Received: (qmail 4084 invoked from network); 18 Dec 2007 17:58:20 -0600 Received: from freelists-180.iquest.net (HELO turing.freelists.org) (206.53.239.180) by static-ip-69-64-49-119.inaddr.intergenia.de with SMTP; 18 Dec 2007 17:58:20 -0600 Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 7521B7DB68E; Tue, 18 Dec 2007 18:58:20 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29716-09; Tue, 18 Dec 2007 18:58:20 -0500 (EST) Received: from turing (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 039A17DB604; Tue, 18 Dec 2007 18:58:18 -0500 (EST) Received: with ECARTIS (v1.0.0; list oracle-l); Tue, 18 Dec 2007 18:10:54 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 730B37DB8F7 for ; Tue, 18 Dec 2007 18:10:54 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 19358-04 for ; Tue, 18 Dec 2007 18:10:54 -0500 (EST) Received: from ro-out-1112.google.com (ro-out-1112.google.com [72.14.202.183]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 465107DB896 for ; Tue, 18 Dec 2007 18:10:53 -0500 (EST) Received: by ro-out-1112.google.com with SMTP id h4so3772749roe.10 for ; Tue, 18 Dec 2007 15:10:53 -0800 (PST) Received: by 10.142.225.11 with SMTP id x11mr1002329wfg.141.1198019452683; Tue, 18 Dec 2007 15:10:52 -0800 (PST) Received: by 10.142.81.20 with HTTP; Tue, 18 Dec 2007 15:10:52 -0800 (PST) Message-ID: Date: Tue, 18 Dec 2007 17:10:52 -0600 From: "Jason Heinrich" To: mkb , "Hameed, Amir" Subject: Re: Renewing an SSL certificate in Advanced Security Cc: oracle-l In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_21780_30828120.1198019452694" References: <500554.83063.qm@web58007.mail.re3.yahoo.com> X-Google-Sender-Auth: 7b0dc78eea98af69 X-archive-position: 4005 X-ecartis-version: Ecartis v1.0.0 Sender: oracle-l-bounce@freelists.org Errors-to: oracle-l-bounce@freelists.org X-original-sender: jheinrichdba@gmail.com Precedence: normal Reply-to: jheinrichdba@gmail.com List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: oracle-l X-List-ID: oracle-l List-subscribe: List-owner: List-post: List-archive: X-list: oracle-l X-Virus-Scanned: Debian amavisd-new at localhost.localdomain ------=_Part_21780_30828120.1198019452694 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Apparently there is a way to delete a certificate from the command line: use the mkwallet utility. mkwallet -d There is almost no documentation about this utility anywhere, but you can see all of the commands it supports by running it without any parameters. Unfortunately, it doesn't seem to be able to delete trusted certificates, but at least I can automate the renewal process now! On 12/17/07, Jason Heinrich wrote: > > I found the Metalink document that describes the "official" way to renew a > certificate (303299.1). Basically you export a CSR for your existing > certificate, get it signed, delete the old certificate (which leaves the CSR > behind), and import the new certificate. Of course, this all requires OWM, > as orapki doesn't provide a way to remove certificates. Obviously this > would be an inconvenience if X wasn't installed on the server. > > I've submitted an SR, so we'll see what Oracle says. > > > -- Jason Heinrich ------=_Part_21780_30828120.1198019452694 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Apparently there is a way to delete a certificate from the command line: use the mkwallet utility.

mkwallet -d <wallet pwd> <wallet location> <DN>

There is almost no documentation about this utility anywhere, but you can see all of the commands it supports by running it without any parameters.  Unfortunately, it doesn't seem to be able to delete trusted certificates, but at least I can automate the renewal process now!

On 12/17/07, Jason Heinrich <jheinrichdba@gmail.com> wrote:
I found the Metalink document that describes the "official" way to renew a certificate (303299.1).  Basically you export a CSR for your existing certificate, get it signed, delete the old certificate (which leaves the CSR behind), and import the new certificate.  Of course, this all requires OWM, as orapki doesn't provide a way to remove certificates.  Obviously this would be an inconvenience if X wasn't installed on the server.

I've submitted an SR, so we'll see what Oracle says.




--
Jason Heinrich ------=_Part_21780_30828120.1198019452694-- -- http://www.freelists.org/webpage/oracle-l