Identity and Access Management, Identity Governance

A .pem format certificate will most likely be ASCII-readable. It will have a line -----BEGIN CERTIFICATE----- , followed by base64-encoded data, followed by a line -----END CERTIFICATE----- . There may be other lines before or after. Even though PEM encoded certificates are ASCII they are not human readable.  Here are some commands that will let you output the contents of a certificate in human readable form; How to View PEM encoded certificate ---------------------------- Use the command that has the extension of your certificate replacing cert.xxx with the name of your certificate openssl x509 -in cert.pem -text -noout openssl x509 -in cert.cer -text -noout openssl x509 -in cert.crt -text -noout If you get the folowing error it means that you are trying to view a DER encoded certifciate and need to use the commands in the “View DER encoded certificate below” unable to load certificate 12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecti

Sometime openssl tool gives issue with reading the pem file. If the cert is pasted from a browser then CR and LF characters will be missing, and makes openssl not read/load the cert file.  Although keytool worked fine. Error message: unable to load certificate PEM routines PEM_read_bio:bad base64 decode:pem_libc Make sure cert is enclosed withing BEGIN CERTIFCATE and END CERTIFICATE statements See details (from blog http://srdevspot.blogspot.com/2011/08/openssl-error0906d064pem.html) openssl error:0906D064:PEM routines:PEM_read_bio:bad base64 decode I had a problem today where Java keytool could read a X509 certificate file, but openssl could not. Immediately, I thought, "Oh, it must be in DER instead of PEM," but it was in PEM (plain text). Then I remembered something I stumbled upon months ago: openssl is picky about PEM certificate formatting. 1. The file must contain: -----BEGIN CERTIFICATE----- on a separate line (i.e. it must be terminated with a newli

Provisioning to two Active Directory Domains with Oracle Identity Manager – Connector Cloning – Part I by  Vijayakumar Chinnasamy  on  February 14, 2011  in  Oracle Techies Get the latest updates on  Oracle Techies  directly in your inbox.  Subscribe now In many large enterprises, there can be two Active Directory Domains used (sometimes more than two), for example, one for India users and one for North America users (Considering the company has two major locations). This requires two AD Connector instances to be created in OIM, for provisioning and reconciliation purposes. OIM Connector Guide for Active Directory User Management provides following description for creating copies of the Connector to provision into multiple target systems. However detailed instructions are not available in the connector. From the  Oracle  Connector Documentation (Oracle Identity Manager Connector Guide for Microsoft Active Directory User Management – Release 9.1.1 – E11197-11 – Page 186):