certificate-record
This configuration element configures certificate records for TLS support.
Parameter
- name
- The name of this certificate record object.
- country
- Enter the name of the locality for the state
- Default: US
- state
- Enter the name of the locality for the state
- Default: MA
- locality
- Enter the name of the organization holding the certificate
- Default: Burlington
- organization
- Enter the name of the organization holding the certificate
- Default: Engineering
- unit
- Enter the name of the unit for holding the certificate within the organization.
- common-name
- Enter the common name for the certificate record.
- key-size
- Set the size of the key for the certificate.
- Default: 2048
- Values: 1024 | 2048 | 4096 (on systems with appropriate hardware)
- alternate-name
- The alternate name of the certificate holder which can be expressed as an IP
address, DNS host, or email address. Configure this parameter using the
following syntax to express each of these 3 forms.
- IP:<IP address>
- DNS:<DNS IP address/domain>
- email:<email address>
Note:
This field adheres to the standard ACLI character limit of 1024.ORACLE(certificate-record)# alternate-name IP:10.2.2.2,IP:10.3.3.3,DNS:bar.example.com,DNS:foo.example.com - trusted
- Enable or disable trust of this certificate
- Default: enabled
- Values: enabled | disabled
- key-usage-list
- Enter the usage extensions to use with this certificate record;
can be configured with multiple values.
- Default: digitalSignature and keyEncipherment
- Values: digitalSignature | nonRepudiation | keyEncipherment | dataEncipherment | keyAgreement | encipherOnly | decipherOnly
- extended-key-usage-list
- Enter the extended key usage extensions you want to use with
this certificate record.
- Default: serverAuth
- Values: serverAuth | clientAuth
Path
certificate-record is an element under the security path. The full path from the topmost prompt is: .