
Create certificates with sha-256 as the hash algorithm in oracle 11g using orapki/wallet manager

I am creating an SSL-enabled connection between an Oracle 11g database (11.2.0.1) and a Java client using the thin client JDBC driver (type 4). We are creating the client/server/root certificates using the orapki utility and putting the certificates in an Oracle wallet.

It seems the default hash algorithm for encryption, when we create certificates using the orapki utility (in Oracle 11g DB), is MD5. This was working fine until we upgraded to jdk1.7 u101. This version of the JDK no longer supports MD5. So it seems we need to use SHA-256 as the hash algorithm. I keep getting references that Oracle Wallet Manager 11.2.0.1+ supports SHA-256, but I cannot find any documentation on how to specify SHA-256 as the hash algorithm while creating the certificates.

Is there a way I can generate certificates through orapki/wallet manager with SHA-256 as the hash algorithm?

You can use orapki with -sign_alg sha256 to sign your certificates with sha256 instead of md5.

For example: Creating a self-signed certificate used as the trusted authority

orapki wallet create -wallet ./root -pwd welcome123 -nologo
orapki wallet remove -trusted_cert_all -wallet ./root -pwd welcome123  -nologo
orapki wallet add -wallet ./root -dn CN=Certification\ Authority\ For\ Testing,\ O=MyCompany,\ C=US -keysize 2048 -self_signed -validity 7300 -pwd welcome123 -sign_alg sha256  -nologo
orapki wallet export -wallet ./root -dn CN=Certification\ Authority\ For\ Testing,\ O=MyCompany,\ C=US -cert ./root/rootcertificate.crt -pwd welcome123  -nologo
keytool -printcert -file root/rootcertificate.crt
orapki wallet display -wallet ./root -pwd welcome123  -nologo

And the output is:

Owner: CN=Certification Authority For Testing, O=MyCompany, C=US
Issuer: CN=Certification Authority For Testing, O= MyCompany, C=US
Serial number: 0
Valid from: Wed Mar 09 03:35:42 PST 2016 until: Tue Mar 04 03:35:42 PST 2036
Certificate fingerprints:
     MD5:  D1:EB:E4:27:FB:B1:C9:4A:CB:9D:28:A6:5A:C7:E7:20
     SHA1: 39:DD:C2:4A:EA:97:BD:47:52:8C:E6:B9:2C:97:F9:F4:A8:A4:5E:85
     SHA256: 04:28:19:01:AC:83:C3:69:D0:C9:1C:6A:94:08:B7:31:0C:65:21:7F:8E:FB:19:50:22:02:C4:9C:69:B1:1E:F6
     Signature algorithm name: SHA256withRSA
     Version: 1
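
An added example, not part of the original answer: a shell check that reads keytool text output and reports each certificate's signature algorithm, so certificates still signed with MD5 can be found before a JDK upgrade. The function names, the sample host name and the choice to also flag MD2 and SHA1 are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit keytool text output for weak certificate signatures.

# audit_sigalg reads `keytool -printcert` or `keytool -list -v` text on stdin
# and prints "<verdict> <algorithm> <owner>" for every certificate found.
# Exit status: 0 = all OK, 1 = at least one WEAK, 2 = no certificate seen.
audit_sigalg() {
    awk '
        /^[ \t]*Owner:/ {
            sub(/^[ \t]*Owner:[ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            owner = $0
        }
        /^[ \t]*Signature algorithm name:/ {
            sub(/^[ \t]*Signature algorithm name:[ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            alg = $0
            # MD2, MD5 and SHA1 digests are treated as weak (assumption of
            # this example; the page itself only discusses MD5).
            verdict = (toupper(alg) ~ /^(MD2|MD5|SHA1)WITH/) ? "WEAK" : "OK"
            if (verdict == "WEAK") weak++
            seen++
            printf "%s %s %s\n", verdict, alg, (owner == "" ? "(unknown owner)" : owner)
            owner = ""
        }
        END { if (seen == 0) exit 2; exit (weak > 0) }
    '
}

# Constructed sample: the first entry mirrors the keytool output shown above,
# the second is an invented MD5-signed certificate for contrast.
sample_keytool_output() {
    cat <<'EOF'
Owner: CN=Certification Authority For Testing, O=MyCompany, C=US
Issuer: CN=Certification Authority For Testing, O=MyCompany, C=US
     Signature algorithm name: SHA256withRSA
Owner: CN=legacy-db.example.test, O=MyCompany, C=US
Issuer: CN=Certification Authority For Testing, O=MyCompany, C=US
     Signature algorithm name: MD5withRSA
EOF
}

# Demo on the constructed sample.
sample_keytool_output | audit_sigalg || echo "audit exit status: $?"
```

To check a real certificate, pipe the output of keytool -printcert -file root/rootcertificate.crt into audit_sigalg.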
