When you request the console certificate, you can suppress warning messages.

1. Log in to the Oracle Key Vault management console as a user who has the System Administrator role.
2. Select the System tab, and then Settings from the left navigation bar.
3. In the Certificates area, click Console Certificate.
4. In the Console Certificate page, click Generate Certificate Request.
   
   Description of the illustration 218_generate_cert_request.png
5. If you need to change the host name of the Oracle Key Vault server, which appears next to Common Name, then click Change.
   The Network Details window appears, where you can change the Host Name setting. Click Save afterward.

   Note:

   If you do not want to change the hostname of the Oracle Key Vault server but still want to use fully qualified domain name (FQDN), you can add the FQDN to the SAN field. Additionally, you can also support two FQDNs for the Oracle Key Vault server one by changing the hostname and the other by adding to the SAN field.
6. Check the box to the left of text Suppress warnings for IP based URL access if you want to suppress browser warnings for server IP address changes.
7. Enter the required fields marked with an asterisk, Organization Name and Country / Region.
   You must enter values for these fields in order to proceed without errors. You may enter values in the rest of the optional fields as needed.
8. Click Submit and Download to the top right.
   A directory window appears, where you can save the certificate.csr file. Select a directory and save the file to a secure location.

   Note:

   In the event that multiple Certificate Signing Requests are generated concurrently, you can verify which is the most recently generated Certificate Signing Request by reloading the Generate Certificate Request page and verifying that the information in the table matches with the correct certificate.csr file. If a table isn't populated on the reload of the page, this means that there is a corrupted certificate.csr file. To resolve this, generate a new certificate.csr file by following the steps outlined earlier Step 1: Download the Certificate Request.

After you download the Oracle Key Vault certificate.csr file, you can have it signed.

• Use any out-of-band method to have the certificate.csr file signed by a CA of your choice.

In addition to uploading the signed certificate, you can optionally choose to deactivate and re-activate the certificate.

1. Log in to the Oracle Key Vault management console as a user who has the System Administrator role.
2. Select the System tab, and then Settings from the left navigation bar.
3. In the Certificates area, click Console Certificate.
4. Click Upload Certificate at the top right to display the Upload Certificate page.
5. Select Choose File to display a directory window on your local system.
6. Navigate to the directory where you stored the signed certificate and select it. When you are done, you will see the file name to the right of text Choose File.
   After you select the certificate, you will see the file name to the right of Choose File.
7. Click Upload.
   If the certificate is installed with no errors, then you will see its details appear in a new Uploaded Certificate Details panel after the Console Certificate.

Depending on the situation, you must perform additional steps when you use console certificates.

• Primary-standby environments: If you want to use a console certificate in a primary-standby configuration, then you must install it on the primary and standby servers first, and then pair them.

• Restored data from a backup: If you install a console certificate, perform a backup, and then restore another Oracle Key Vault appliance from that backup, you must re-install the console certificate on the new server before you can use it. The restore process does not copy the console certificate.