This article goes through the steps to create an Oracle wallet containing the server certificate and private key provided by your administrator.
1) Creating an auto-login wallet (cwallet.sso)
- Create a new wallet directory to keep things tidy.
- Put together a file “int_root_chain.cer” containing the intermediate CA certificate followed by the root CA certificate.
- Use the private key file private.txt as the private key to combine with the user certificate.
- Use cert.crt as the signed user certificate.
openssl pkcs12 -export -in cert.crt -inkey private.txt -certfile int_root_chain.cer -out ewallet.p12
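The openssl command above fails silently in the wrong way when the private key does not belong to the certificate or when the chain file is incomplete or in the wrong order: the export still succeeds and the problem only surfaces later as an unusable wallet. The script below is an added example (not from the article) that performs the same export but checks those two things first and reads the finished file back. It reuses the article's file names (cert.crt, private.txt, int_root_chain.cer, ewallet.p12); the function names and the WALLET_PASS variable are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original article: assembles the CA chain file,
# checks that the private key belongs to the user certificate and that the chain
# validates it, then builds ewallet.p12 with OpenSSL and reads it back.
# File names follow the article; function names and WALLET_PASS are this example's own.
set -eu

# Concatenate CA certificates in chain order: intermediate(s) first, root last.
# usage: build_chain_file int_root_chain.cer intermediate.cer [...] root.cer
build_chain_file() {
    out=$1; shift
    : > "$out"
    for ca in "$@"; do
        cat "$ca" >> "$out"
        printf '\n' >> "$out"   # guard against a PEM file with no trailing newline
    done
}

# The public key derived from the private key must equal the one in the certificate;
# a mismatch is a common reason for a wallet that imports but cannot be used.
# usage: key_matches_cert private.txt cert.crt
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ]
}

# The chain file must actually validate the user certificate; a missing intermediate
# or a truncated CA file is caught here, before anything is exported.
# usage: chain_verifies int_root_chain.cer cert.crt
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Export the PKCS#12 wallet. The password is read from the environment (-passout env:)
# so it does not appear in the process list or shell history.
# usage: WALLET_PASS=... build_wallet_p12 cert.crt private.txt int_root_chain.cer ewallet.p12
build_wallet_p12() {
    : "${WALLET_PASS:?set WALLET_PASS before calling build_wallet_p12}"
    key_matches_cert "$2" "$1" || { echo "private key does not match $1" >&2; return 1; }
    chain_verifies "$3" "$1"   || { echo "$3 does not validate $1" >&2; return 1; }
    # On OpenSSL 3.x, add -legacy here if the consuming tool cannot read the
    # default AES-256/PBKDF2 PKCS#12 encoding.
    openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" -out "$4" \
        -passout env:WALLET_PASS
}

# Read the wallet back with the password and print how many certificates it holds
# (expected: the user certificate plus every CA certificate from the chain file).
# usage: WALLET_PASS=... count_wallet_certs ewallet.p12
count_wallet_certs() {
    openssl pkcs12 -in "$1" -nokeys -passin env:WALLET_PASS 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE'
}

# Whole procedure for the article's file names.
# usage: WALLET_PASS=... ./make_wallet.sh cert.crt private.txt intermediate.cer root.cer ewallet.p12
make_wallet() {
    build_chain_file int_root_chain.cer "$3" "$4"
    build_wallet_p12 "$1" "$2" int_root_chain.cer "$5"
    echo "$5 holds $(count_wallet_certs "$5") certificate(s)"
}

if [ $# -eq 5 ]; then
    make_wallet "$@"
fi
```

Run it as `WALLET_PASS='...' sh make_wallet.sh cert.crt private.txt intermediate.cer root.cer ewallet.p12`. The two pre-checks are deliberately separate functions so a failing export tells you which input is wrong instead of leaving you to discover it inside Oracle Wallet Manager.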
2) Check Oracle wallet
Open the wallet and look at the certificates. You’ll see the user certificate in a ready state. But in my case, I hit the bug below.
“The Wallet opens but you see a ‘Certificate: Empty’, then you are hitting Bug 10178208 USER CERTIFICATE IS NOT VISIBLE IN OWM WITH OPENSSL CREATED WALLETS”.
Please follow the steps below, which convert between keystores and wallets using orapki.
a) Convert wallet p12 to jks
$Middleware_home/oracle_common/bin/orapki wallet pkcs12_to_jks -wallet ewallet.p12 -jksKeyStoreLoc ewallet.jks -jksKeyStorepwd rubbish123
b) Make a new directory.
c) Create an empty wallet.
$Middleware_home/oracle_common/bin/orapki wallet create -wallet new_wallet -pwd "*******"
d) Convert the jks to a wallet
$Middleware_home/oracle_common/bin/orapki wallet jks_to_pkcs12 -wallet new_wallet -pwd "*******" -keystore ewallet.jks -jkspwd rubbish123
e) Open the wallet.
Open the newly created ewallet.p12 (in new_wallet) with Oracle Wallet Manager, tick “Auto Login” and save. This step creates cwallet.sso alongside ewallet.p12.
f) Display the wallet.
You can check the contents of the wallet with the following command. With auto-login enabled, you should be able to see the contents without entering a password.
./orapki wallet display -wallet Wallet_Loc
g) The wallet is ready to use.
3) Secure the Console and OMS to use the new wallet
# Secure console
./emctl secure console -wallet Wallet_Loc
# Supply the SYSMAN password.
# Restart OMS
./emctl stop oms -all
./emctl start oms
# Secure OMS
# Put together a file “trusted_certs.txt” containing: user certificate + intermediate CA + root CA
./emctl secure oms -wallet Wallet_Loc -trust_certs_loc trusted_certs.txt
# Supply the SYSMAN and Agent registration passwords.
# Restart OMS
./emctl stop oms -all
./emctl start oms
- Secure the Agent.
# Secure Agent
./emctl secure agent
# Supply the Agent registration password.
./emctl upload