SSL - Creating,Importing and Viewing SSL Certificate to Oracle Wallets with orapki and openssl

SSL - Creating, Importing and Viewing SSL Certificate to Oracle Wallets with orapki and openssl

1.password-protected wallet creation:

orapki wallet create -wallet wallet_location

This command will prompt you to enter and re-enter a wallet password. It creates a wallet in the location specified for -wallet.

2.Password-Protected with auto-login enabled: (Used in our environments, Typically used by all)

orapki wallet create -wallet wallet_location -auto_login

This command creates a wallet with auto-login enabled, or it can also be used to enable auto-login on an existing wallet. If the wallet_location already contains a wallet, then auto-login will be enabled for it. To disable the auto-login feature, delete cwallet.sso.For wallets with the auto-login feature enabled, you are prompted for a password only for operations that modify the wallet, such as add


3. Autologin wallets:

To create an auto login wallet (cwallet.sso) that does not need a password, use the following command:

orapki wallet create -wallet wallet_location -auto_login_only


This command creates an auto login wallet (cwallet.sso) that does not need a password to open. You can also modify or delete the wallet without using a password. File system permissions provide the necessary security for such auto login wallets.

4.To view an Oracle wallet:

orapki wallet display -wallet wallet_location

5.Modifying the Password for a Wallet:

To change the wallet password, use the following command:

orapki wallet change_pwd -wallet wallet_location [-oldpwd password ] [-newpwd password]

6.How to add private key and certificates generated using openssl?

a.Create Wallet using openssl:

openssl pkcs12 -export -in nizamappsdba_blogspot_com.cer -inkey nizamappsdba_blogspot_com.key -cerfile nizamappsdba_blogspot_com_interm.cer -out ewallet.p12

b.Enable auto login:

orapki wallet create -wallet . -auto_login


 [or]


If you face Issues while enabling Autologin:
In Oracle HTTP server 12.1.3 an exception thrown when attempting to set the "auto-login" flag on a a wallet using the "orapki" command,I got this error.

Exception in thread "main" java.lang.NullPointerException
at oracle.security.pki.OracleKeyStoreSpi.a(Unknown Source)
at oracle.security.pki.OracleSSOKeyStoreSpi.a(Unknown Source)
at oracle.security.pki.OracleFileWalletImpl.b(Unknown Source)
at oracle.security.pki.OracleWallet.saveSSO(Unknown Source)
at oracle.security.pki.textui.OracleWalletTextUI.create(Unknown Source)
at oracle.security.pki.textui.OracleWalletTextUI.command(Unknown Source)
at oracle.security.pki.textui.OraclePKITextUI.main(Unknown Source)"


Please follow below steps as an alternate.

a.Create Wallet using openssl:

openssl pkcs12 -export -in nizamappsdba_blogspot_com_cert.cer -inkey nizamappsdba_blogspot_com.key -cerfile nizamappsdba_blogspot_com_interm.cer -out ewallet.p12 
cp ewallet.p12  temp.p12
b. Create Auto login Wallet:
orapki wallet create -wallet -auto_login -with_trust_flags -compat_v12
c. Finally import the pkcs12 file from step 1.
orapki wallet import_pkcs12 -wallet . -pkcs12file  temp.p12 
 

7.How to Convert JKS to wallet:

a.create a password protected Oracle wallet with autologin:

orapki wallet create -wallet ./ -pwd password  -auto_login

b.Migrate the JKS keystore entries to the wallet:

orapki wallet jks_to_pkcs12 -wallet ./ -pwd password -keystore ./ewallet.jks -jkspwd password



appsdbahelp

17+ years of experience in Oracle Database, Oracle Cloud Infrastructure(OCI), Oracle EBS on Cloud, Oracle E-Business Suite, DevOps tools, Oracle WebLogic, Oracle Application Server, Oracle Access Manager and various Operating System flavors including Redhat Linux, UNIX (Solaris, HP-UX) and Windows. Expert in Oracle9i/10g/11g/12c/19c database administration, upgrade, configuration and tuning. Experience in Oracle E-Business Suite technological stack, including architecture, installation, configuration, maintenance, tuning, cloning and patching procedures. Expert in Oracle Cloud Infrastructure(OCI), Oracle EBS On Cloud and Oracle EBS Cloud Manager Experience with Oracle Cloud Solution and Expert of Oracle ERP/Oracle HCM Cloud deployment Experience in Terraform, JSON and chef cloud infrastructure automation framework Knowledge of ASM, Data Guard, Real Application Cluster, Exadata and Exalogic Knowledge of Oracle Enterprise Manager(OEM) Grid Control, Oracle WebLogic, Oracle Internet Directory, Oracle Access Manager and Apache Ability to analyze problem, develops solutions and bring program/project execution to completion.

Post a Comment

Previous Post Next Post