Configuration of UniCERT Core Components

  1. Verify the Oracle init.ora file:

    • Open C:\Oracle\admin\Unicert\pfile\init.ora.

    • Verify open_cursors=300

    • max_enabled_roles=148 (If not present, add the information and reboot the Oracle server).

  2. Launch the Database Wizard, and log on to the database:

    • Database Administrator ID = system

    • Password: <password>

    • Alias: UNICERT7 (choose the Alias that you want; in this documentation, we will use UNICERT7)

  3. Create user accounts on the Oracle database for the CA. The Certificate Authority (CA) issues and manages security credentials and public keys for message encryption in a network environment.

    • In the UniCERT Database Wizard window, right-click CA.

    • Select Create Entity:

      • Username = CA7 (choose the Username that you want; in this documentation, we are using CA7)

      • Password = <password>

      • Confirm password = <password>

      • Temp tablespace: temp

      • Number of certificates: 100,000

      • Datafile directory: C:\oracle\product\10.2.0\oradata\UNICERT7

      • Index file directory: C:\oracle\product\10.2.0\oradata\UNICERT7

  4. Create user accounts on the Oracle database for CAO.

    • In the UniCERT Database Wizard window, right-click CAO.

    • Choose Create Entity:

      • Username = CAO7 (choose the Username that you want; in this documentation, we will use CAO7)

      • Password = <password>.

      • Confirm password = <password>.

      • Temp tablespace: temp.

      • Associated CA = CA7.

  5. Create a new PKI Registration Policy, and register the CA.

    • Start the CAO using Start > Programs > UniCERTv5.5.1 > CA Operator.

    • Click Cancel when you are asked to log in with your user profile.

    • Select File > New > Policy. The CAO displays a wizard for creating registration policies (RPs). Use the values:

      • Select a standard template.

      • Select CA.

      • Root CA.

      • X.509.

      • Set the Country.

      • Save in: C:\Program Files (x86)\Verizon\UniCERT\MyPolicies\MyCAPolicy.

      • Use all default values (For example, 2048 key size).

  6. Create a new PKI Registration Policy, and register the CAO (This will be an operator in ActivID CMS).

    • Click File > New > Policy. The CAO displays a wizard for creating registration policies (RPs). Use the values:

      • Select a standard template.

      • Select PKI Entity.

      • Select CAO.

      • Set the Country.

      • Save in: C:\Program Files (x86)\Verizon\UniCERT\MyPolicies\MyCAOPolicy.

  7. Create the PKI for the CA and CAO, generating their keys and certificates.

    • Click File > Create new PKI.

    • Enter the values:

      • Name= <My PKI>.

      • Database user name: CA7.

      • Database password: <password>.

      • Database alias: UNICERT7.

    • Click Import Policy. Browse to find MyCAPolicy, and click Finish. Then select the policy, and click Next.

    • Click Edit Registration Details.

      • Common Name: <My PKI CA>.

      • Select Key Size: 2048.

    • Import the CAO policy (browse to find MyCAOPolicy), and click Edit Registration Details:

      • Common Name: CA Operator.

      • Select Key Size: 2048.

      • Key Algo: RSA.

    • Generate the CA and the CAO entities.

      • Certificate starting Serial Number: 1

      • Click Next. The keys and certificates are generated (for the CA and the CAO)

    • Crypto Profile for the CA and CAO: click New, ca7-crypto, Software Only, PSE.

    • Repeat for cao7-crypto.

    • Click Update Database and Save Keys. Two PSE files are generated.

    • Choose the file location: myPSEFiles (ca.pse and cao.pse). Set a Passphrase.

  8. Create Crypto-Profiles for CA and CAO:

    • Click File > Open PKI.

    • Login:

      • Profile: <My PKI>

      • Username: CA7

      • Alias: UNICERT7

    • Crypto Profile: create one by clicking the icon on the right side (Create Crypto Profile).

      • Name = ca7-crypto

      • Save the file

      • File location: open ca.pse

    • The Crypto-Profile is created.

    Note: You cannot open PKI at this stage as you need to log on as operator (cao7).

    To validate that the configuration is successful:

    • Launch Token Manager: ca7-crypto should exist.

    • Right-click and click Test. It should be OK.

    • In the same way, create and test the CAO crypto-Profile.

    • To validate all: File > Open PKI.

      • Database: cao7

      • Alias: UNICERT7

      • Crypto-profile: cao7-crypto

      • Database: cao7

      • Password: <password>

    • Then click View > PKI Community. You should be able to see the certificates, the CA, and so on.

    Note: The <My PKI> CA and CA Operator are linked.

  9. Create Certificate Authority service.

    • Start Service Manager.

      • Click Service > New Instance > CA7 (choose the Username that you want; in this documentation, we are using CA7)

      • Service name: ca7 service.

      • Click Create.

      • Select the service, and right-click Start.

      • Crypto-Profile: ca7-crypto.

      • User: ca7.

      • Alias: UNICERT7.

    • Create groups: c=en.

  10. For the RA configuration, create user accounts on the Oracle database for RA. A Registration Authority (RA) is an authority in a network that verifies user requests for a digital certificate and instructs the CA to issue it. An RA is part of a PKI, a networked system that enables companies and users to exchange information safely and securely.

    • Launch Database Wizard.

    • Right-click RA > Create new entity.

      • Username = RA7 (choose the Username that you want; in this documentation, we will use RA7)

      • Password = <password>.

      • Temp tablespaces = TEMP.

      • 100,000 certificates.

      • Datafile directory: C:\oracle\product\10.2.0\oradata\UNICERT7.

      • Index file directory: C:\oracle\product\10.2.0\oradata\UNICERT7 (use same directories as for CA).

  11. Create a new PKI Registration Policy, and register the RA.

    • Launch CAO Operator (log on to the database using CAO).

    • File > New > Policy.

      • Use Standard template.

      • Select PKI entity.

      • Select RA.

      • Click File > Save as MyRAPolicy.

  12. Create PKI for RA and generate the keys and certificates.

    • Launch CAO Operator (log on to the database using CAO).

    • New > PKI Entity > Registration Authority.

    • View > PKI Community.

    • New > Registration Authority.

    • Select MyRAPolicy.

    • Edit Registration:

      • CN = <My PKI> RA

    • Generate the RA entity:

      • Crypto Profile for the RA:

      • Click New, ra7-crypto, Software Only, PSE.

      • Generate keys locally > Generate keys.

      • Submit request.

    • When you get a Request Status: Received Response from CA:

      • Select Save keys and certificates.

      • Select Add the entity to the PKI.

      • Click Complete registration.

      • Choose file location in PSE. PSE is saved to file only: myPSEFiles (ra.pse).

      • The RA icon is created.

      • Press CTRL, and drag the icon between <My PKI> CA and <My PKI> RA.

      • Save PKI.

  13. Create Crypto-Profiles for RA.

    • Launch Token Manager.

    • Right-click Crypto Profiles, and click Create:

      • Name = ra7-crypto.

      • Store file.

      • File location: PSE.

    • The Crypto-Profile is created.

    • To validate:

      • Launch Token Manager. ra7-crypto should exist.

      • Right-click, and click Test. It should be OK.

  14. Creation of RA Service:

    • Start Service Manager.

    • Click Service > New Instance > RA7.

    • Start the service:

      • Select the RA crypto profile.

      • Connect to the database:

      • User: ra7

      • Alias: UNICERT7

      • Passphrase: <password>

  15. For the RAX (RA eXchange) configuration, create user accounts on the Oracle database for RAX.

    • Launch Database Wizard.

    • Right-click RAX, and click Create new entity.

      • Username = RAX7 (choose the Username that you want; in this documentation, we are using RAX7)

      • Password = <password>

      • Temp tablespaces = TEMP

  16. Create a new PKI Registration Policy and register the RAX.

    • Launch CAO Operator (log on to the database using CAO).

    • Click File > New > Policy.

    • Use Standard template.

    • PKI entity.

    • RA eXchange.

    • Click File > Save as MyRAXPolicy.

  17. Create PKI for RAX, and generate the keys and certificates.

    • Click View > PKI Community.

    • Click File > New > PKI Entry > Registration Authority eXchange.

    • Select MyRAXPolicy.

    • Edit Registration:

      • CN = <My PKI> RAX.

    • Generate the RAX entity:

      • Crypto Profile for the RAX: click on New, rax7-crypto, Software Only, PSE.

      • Generate keys locally > Generate keys.

      • Submit request.

    • When you get a Request Status: Received Response from CA:

      • Click Save keys and certificates.

      • Click Add the entity to the PKI.

      • Click Complete registration.

      • Choose file location in "PSE will be saved to file only": myPSEFiles (rax.pse). The RAX icon is created.

      • Press CTRL and drag between <My PKI> RA and <My PKI> RAX.

      • Save PKI.

  18. Create Crypto-Profiles for RAX.

    • Launch Token Manager.

    • Right-click Crypto Profiles, and click Create:

      • Name = rax7-crypto.

      • Save the file.

      • File location: PSE.

    • The Crypto-Profile is created.

    • To validate:

      • Launch Token Manager. rax7-crypto should exist.

      • Right-click, and click Test. It should be OK.

  19. Creation of RAX Service.

    • Start Service Manager.

    • Click Service > New Instance > RAX7.

    • Start the service:

      • Select the RAX crypto profile.

      • Connect to the database:

      • User: RAX7.

      • Alias: UNICERT7.

      • Passphrase: <password>.
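
The init.ora check in step 1 can be scripted so that a commented-out or overridden setting is not mistaken for a present one. The following PowerShell is an added example, not part of the UniCERT or ActivID documentation; it assumes the second parameter is Oracle's max_enabled_roles, the function names are hypothetical, and the sample file content is constructed.

```powershell
# Added example: verify the two init.ora settings required in step 1.
# Expected values are the ones stated on this page.
$Expected = [ordered]@{ open_cursors = '300'; max_enabled_roles = '148' }

function Get-InitOraParameters {
    param([string[]]$Lines)
    $params = @{}
    foreach ($line in $Lines) {
        # Drop comments, so a commented-out setting does not count as present.
        $text = ($line -replace '#.*$', '').Trim()
        # Accept "name=value", "*.name=value" and "sid.name=value".
        if ($text -notmatch '^(?:[\w$]+\.|\*\.)?(\w+)\s*=\s*(.+)$') { continue }
        # Names are case-insensitive; a later line overrides an earlier one.
        $value = $Matches[2].Trim() -replace '^["'']|["'']$', ''
        $params[$Matches[1].ToLower()] = $value
    }
    return $params
}

function Test-InitOra {
    param([string[]]$Lines)
    $actual = Get-InitOraParameters -Lines $Lines
    foreach ($name in $Expected.Keys) {
        if (-not $actual.ContainsKey($name)) { $status = 'MISSING' }
        elseif ($actual[$name] -eq $Expected[$name]) { $status = 'OK' }
        else { $status = 'MISMATCH' }
        [pscustomobject]@{
            Parameter = $name
            Expected  = $Expected[$name]
            Found     = $actual[$name]
            Status    = $status
        }
    }
}

# Constructed sample content. On the server, read the real file instead:
#   $lines = Get-Content 'C:\Oracle\admin\Unicert\pfile\init.ora'
$sample = @'
# constructed init.ora fragment
processes=150
*.OPEN_CURSORS = 300   # matches step 1
#max_enabled_roles=148
'@ -split "`r?`n"

Test-InitOra -Lines $sample | Format-Table -AutoSize
```

With the constructed sample, open_cursors is reported as OK and max_enabled_roles as MISSING, which is the case where step 1 says to add the setting and reboot the Oracle server.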