SSL - Creating, Importing and Viewing SSL Certificate to Oracle Wallets with orapki and openssl
1. Password-protected wallet creation:
orapki wallet create -wallet wallet_location
This command will prompt you to enter and re-enter a wallet password. It creates a wallet in the location specified for -wallet.

2. Password-protected with auto-login enabled (used in our environments; typically used by all):
orapki wallet create -wallet wallet_location -auto_login
This command creates a wallet with auto-login enabled, or it can also be used to enable auto-login on an existing wallet. If the wallet_location already contains a wallet, then auto-login will be enabled for it. To disable the auto-login feature, delete cwallet.sso. For wallets with the auto-login feature enabled, you are prompted for a password only for operations that modify the wallet, such as add

3. Auto-login wallets:
To create an auto-login wallet (cwallet.sso) that does not need a password, use the following command:
orapki wallet create -wallet wallet_location -auto_login_only
This command creates an auto-login wallet (cwallet.sso) that does not need a password to open. You can also modify or delete the wallet without using a password. File system permissions provide the necessary security for such auto-login wallets.

4. To view an Oracle wallet:
orapki wallet display -wallet wallet_location

5. Modifying the password for a wallet:
To change the wallet password, use the following command:
orapki wallet change_pwd -wallet wallet_location [-oldpwd password] [-newpwd password]

6. How to add a private key and certificates generated using openssl:
a. Create the wallet using openssl:
openssl pkcs12 -export -in nizamappsdba_blogspot_com.cer -inkey nizamappsdba_blogspot_com.key -certfile nizamappsdba_blogspot_com_interm.cer -out ewallet.p12
b. Enable auto login:
orapki wallet create -wallet . -auto_login
[or]
If you face issues while enabling auto login:
In Oracle HTTP Server 12.1.3, an exception is thrown when attempting to set the "auto-login" flag on a wallet using the "orapki" command. I got this error:
Exception in thread "main" java.lang.NullPointerException
    at oracle.security.pki.OracleKeyStoreSpi.a(Unknown Source)
    at oracle.security.pki.OracleSSOKeyStoreSpi.a(Unknown Source)
    at oracle.security.pki.OracleFileWalletImpl.b(Unknown Source)
    at oracle.security.pki.OracleWallet.saveSSO(Unknown Source)
    at oracle.security.pki.textui.OracleWalletTextUI.create(Unknown Source)
    at oracle.security.pki.textui.OracleWalletTextUI.command(Unknown Source)
    at oracle.security.pki.textui.OraclePKITextUI.main(Unknown Source)
Please follow the steps below as an alternative.
a. Create the wallet using openssl:
openssl pkcs12 -export -in nizamappsdba_blogspot_com_cert.cer -inkey nizamappsdba_blogspot_com.key -certfile nizamappsdba_blogspot_com_interm.cer -out ewallet.p12
cp ewallet.p12 temp.p12
b. Create the auto-login wallet:
orapki wallet create -wallet . -auto_login -with_trust_flags -compat_v12
c. Finally, import the pkcs12 file from step a:
orapki wallet import_pkcs12 -wallet . -pkcs12file temp.p12

7. How to convert JKS to a wallet:
a. Create a password-protected Oracle wallet with auto login:
orapki wallet create -wallet ./ -pwd password -auto_login
b. Migrate the JKS keystore entries to the wallet:
orapki wallet jks_to_pkcs12 -wallet ./ -pwd password -keystore ./ewallet.jks -jkspwd password
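
Because an auto-login wallet opens without a password, the file mode on the wallet directory's contents is the control that matters. The following audit is an added example, not part of the original post: the function name audit_wallet_dir, the finding labels, and the decision to flag temp.p12 and *.key files left beside the wallet are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an Oracle wallet directory for loose file modes and
# for stray copies of private-key material. Names and labels are this
# example's own, not orapki output.

# Prints one finding per line. Returns 0 when clean, 1 when anything is found.
audit_wallet_dir() {
    dir=$1
    findings=0

    # cwallet.sso opens without a password and ewallet.p12 holds the private
    # key, so any group or other permission bit on either file is a finding.
    for f in "$dir"/cwallet.sso "$dir"/ewallet.p12; do
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" \( -perm -040 -o -perm -020 -o -perm -010 \
                -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
            echo "LOOSE_PERMS $f"
            findings=$((findings + 1))
        fi
    done

    # temp.p12 is the copy made in the alternate procedure of section 6, and
    # *.key is the openssl input key. Both still contain the private key, so
    # this example reports them whatever their mode (assumption: they are not
    # meant to stay in the wallet directory once the wallet is built).
    for f in "$dir"/temp.p12 "$dir"/*.key; do
        [ -f "$f" ] || continue
        echo "LEFTOVER_KEY_MATERIAL $f"
        findings=$((findings + 1))
    done

    [ "$findings" -eq 0 ]
}

# Audit the directory named on the command line, e.g.: sh audit.sh /path/to/wallet
if [ "$#" -gt 0 ]; then audit_wallet_dir "$1"; fi
```

A clean result is no output and exit status 0; restrict the wallet files to the owning account (for example mode 600) and remove the intermediate copies to get there.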