Ask a Question

Move a certificate to an Oracle Wallet

Solution

The below steps detail the process of moving a certificate from a Unix or Windows based system to an Oracle Wallet.
 

Unix System

  1. Obtain the 3 files required for TLS "Certificate, Private_Key, and Intermediate_Certificate."
  2. Using OpenSSL, convert those 3 files into a PKCS12 file named "ewallet.p12" with the command below.
    openssl pkcs12 -export -in Certificate -inkey Private_Key -certfile Intermediate_Certificate -out ewallet.p12
  3. Open the Oracle Wallet Manager Gui interface.
  4. Under the Wallet menu, click Open. Navigate to your newly created "ewallet.p12" file. It will ask you to enter the password you set in step 2 above.
  5. Verify the certificate is listed in the wallet and save.
  6. After completing the above steps, configure the system to use the new wallet. Please contact Oracle support for further assistance.

 

Windows System

  1. Export the certificate from IIS or the MMC console as a PKCS12 and use the name "ewallet.pfx."
  2. Create a Microsoft Management Console (MMC) Snap-in for managing certificates, as described in solution  SO9999.
  3. Open the Certificates (Local Computer) snap-in you added, and select Personal > Certificates.
  4. Right-click on the desired certificate and select All Tasks > Export. The Certificate Export Wizard opens, click Next.
  5. Select the radio button, Yes, export the private key. Click Next.
  6. In the Export File Format window, ensure the option for Personal Information Exchange  - PKCS#12 (.pfx) is selected.
  7. Select Include all certificates in the certificate path if possible. If you do not select the Include all certificates in the certificate path if possible option, your server may not recognize the issuer of the certificate, which may result in security warnings for your clients. Click Next.
  8. Enter and confirm a password to protect the PFX file and click Next.
  9. Choose a file name and location for the export file. Click Next.
  10. Read the summary and verify that the information is correct. Pay special attention to where you saved the file. Ensure that the information is correct. Click Finish.
  11. Rename the newly created PKCS12 file to "ewallet.p12". Reason being Oracle Wallet will only accept this file name during the import process.
  12. Open the Oracle Wallet Manager Gui interface.
  13. Under the Wallet menu, click Open. Navigate to your newly created "ewallet.p12' file. It will ask you to enter the password you set in step 8 above.
  14. Verify the certificate is listed in the wallet and save.
  15. After completing the above steps, configure the system to use the new wallet. Please contact Oracle support for further assistance.

 

Verify certificate installation

  1. After you have configured your system to use new Wallet. Verify your installation with the GeoTrust Installation Checker.

 

Oracle

          For more information, see Oracle Support website.