N/APosted on - 12/23/2013
I am trying to import my private keys and certificate through Oracle HTTP Server Wallet. However, each time I try I am receiving an error. The certificate was issued from CA. I can't seem to hook it into the Oracle wallet. I used Open SSL for this. Can someone please explain the steps to resolve this issue? Thanks.
Oracle Wallet Manager
Your default wallet directory does not exist.
Do you want to continue?
Oracle Wallet Manager Directory Does Not Exist
Maybe you are trying to generate a CSR that is not from The OHS Wallet Manager. The Wallet Manager will only accept or let the users to import certificates from CSR and it should be generated by the wallet itself. To properly do this, follow the steps below:
A. First of all, you will need the following:
1. You need to install openssl in your computer.
2. You need to have the PEM format of server's certificate.
3. The private key and password of your server.
4. A PEM format of the CA root and intermediate certificates.
B. Then run the following command where openssl is installed:
Openssl pkcs12 -export -in- certfile -inkey keyfile -certfile cacertfile -out ewallet.p12
Change the value of certfile into your server's certificate, the keyfile into your server's private key and the cacertfile into the CA's root and certificates. You should not change the resulting filename (ewallet.p12) to be able to recognize it by Oracle Wallet Manager.
C. If you will be asked for the private key's passphrase, enter it.
D. Enter the export password also if asked. You must put a non-blank password.
E. And then, upload the resulting file (ewallet.p12) to the Oracle Application Server. Transfer it in a location where OHS can get access.
F. Launch the Oracle Wallet Manager and click Open in Wallet menu.
G. Click Yes when you are prompted with the error message you got.
H. Search for the location where you transfer the ewallet.p12.
I. Enter the export password you typed when you convert the certificate when asked for the wallet password.
J. You can see the wallet and the certificate is empty. You can also see the CA certificate from the Trusted Certificates.
K. From the Wallet menu, choose the Auto Login. To verify that you selected it, the option should have a check mark on it.
L. Choose Exit from the Wallet menu to close the Oracle Wallet Manager.
M. You now have two files in your directory. You must have the ewallet.p12 and the cwallet.sso. These two should be in the same directory to be able to let the OHS access the two.
N. Close the OHS.
O. Edit your OSH ssl.conf so the SSLWallet will go to the directory where you saved the two files.
P. Launch OHS and go to its HTTPS page. Verify your new certificate and CA.