This article will go through steps to create a wallet containing your server certificate and private key provided by your administrator.

1)  Creating an auto-login (cwallet.sso)

  • Create a new wallet directory to keep things tidy.
  • Put together a file “int_root_chain.cer” with: intermediate CA + root CA certificate.
  • Use the private key file private.txt as the private key to combining with the user certificate.
  • Use cert.crt as the signed user certificate.

2)  Check Oracle wallet

Open the wallet and see the certificates. You’ll see user certificate is in a ready state. But in my case, I hit with below bug.
“The Wallet opens but you see a “Certificate: Empty”, then you are hitting Bug 10178208 USER CERTIFICATE IS NOT VISIBLE IN OWM WITH OPENSSL CREATED WALLETS”.

Workaround:
Please follow the steps as below which is conversion between Key stores and Wallets (orapki).

a) Convert wallet p12 to jks

b) Make new directory.

mkdir new_wallet

c) Create an empty wallet..

d) Convert the jks to a wallet

e) Open the wallet.

Open the newly created ewallet.p12 with Oracle wallet manager and tick “autologin” then save. This step creates the cwallet.sso alongside ewallet.p12

f) Display Wallet

You can check the contents of the wallet with the following command. With auto login, you should able to see the contents without a password.

g) Wallet is ready to use.

3) Secure the Console and OMS to use the new wallet

  • Secure console

  • Secure OMS.

  • Secure Agent.

2 Comments

    1. This workaround is not directly written in one MOS document. But i followed couple of oracle MOS documents and bugs workarounds.

Leave a Reply