Move a certificate to an Oracle Wallet

Solution ID:    SO28803    Updated:    02/22/2016

Solution

The below steps detail the process of moving a certificate from a Unix or Windows based system to an Oracle Wallet.
 

Unix System

  1. Obtain the 3 files required for TLS "Certificate, Private_Key, and Intermediate_Certificate."
  2. Using OpenSSL, convert those 3 files into a PKCS12 file named "ewallet.p12" with the command below.
    openssl pkcs12 -export -in Certificate -inkey Private_Key -certfile Intermediate_Certificate -out ewallet.p12
  3. Open the Oracle Wallet Manager Gui interface.
  4. Under the Wallet menu, click Open. Navigate to your newly created "ewallet.p12" file. It will ask you to enter the password you set in step 2 above.
  5. Verify the certificate is listed in the wallet and save.
  6. After completing the above steps, configure the system to use the new wallet. Please contact Oracle support for further assistance.

 

Windows System

  1. Export the certificate from IIS or the MMC console as a PKCS12 and use the name "ewallet.pfx."
  2. Create a Microsoft Management Console (MMC) Snap-in for managing certificates, as described in solution SO9999.
  3. Open the Certificates (Local Computer) snap-in you added, and select Personal > Certificates.
  4. Right-click on the desired certificate and select All Tasks > Export. The Certificate Export Wizard opens, click Next.
  5. Select the radio button, Yes, export the private key. Click Next.
  6. In the Export File Format window, ensure the option for Personal Information Exchange  - PKCS#12 (.pfx) is selected.
  7. Select Include all certificates in the certificate path if possible. If you do not select the Include all certificates in the certificate path if possible option, your server may not recognize the issuer of the certificate, which may result in security warnings for your clients. Click Next.
  8. Enter and confirm a password to protect the PFX file and click Next.
  9. Choose a file name and location for the export file. Click Next.
  10. Read the summary and verify that the information is correct. Pay special attention to where you saved the file. Ensure that the information is correct. Click Finish.
  11. Rename the newly created PKCS12 file to "ewallet.p12". Reason being Oracle Wallet will only accept this file name during the import process.
  12. Open the Oracle Wallet Manager Gui interface.
  13. Under the Wallet menu, click Open. Navigate to your newly created "ewallet.p12' file. It will ask you to enter the password you set in step 8 above.
  14. Verify the certificate is listed in the wallet and save.
  15. After completing the above steps, configure the system to use the new wallet. Please contact Oracle support for further assistance.

 

Verify certificate installation

  1. After you have configured your system to use new Wallet. Verify your installation with the GeoTrust Installation Checker.

 

Oracle

          For more information, see Oracle Support website.

 

Disclaimer:

Geotrust has made efforts to ensure the accuracy and completeness of the information in this document. However, Geotrust makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Geotrust assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.

Further, Geotrust assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Geotrust reserves the right to make changes to any information herein without further notice.

Contact Support

Find Answers


Search Tips