Creating A Self-Signed Oracle Wallet With orapki
Holy moly. Talk about the snake eating its own tail.
Long story short: six years after developing a login module for Department of Defense Common Access Cards and an Oracle Forms application, I was recently asked to do the same thing but on an Oracle 11g application server versus the Oracle 10g application server. Of course the Oracle 11g Middleware stack is almost completely different from the 10g version, but I still need an Oracle Wallet with a self-signed certificate. Six years is a long time to remember something like this, but thanks to Google the answer was only an "Oracle Wallet self-signed certificate" search away.
And I found this: Oracle Wallet w/ Self-Signed Certificate on Tyler Muth's blog, where a how-to I wrote six years ago on a now-defunct blog was re-posted. Thankfully Tyler re-posted all of the steps and the links.
My method used OpenSSL to generate a trusted CA cert to sign a request generated by an Oracle Wallet and then imported the CA cert and the signed cert into the wallet. So, I downloaded cygwin, OpenSSL, the OpenSSL scripts and then I looked in the comments on Tyler's post and found another solution (thanks Frank!) using the orapki utility. This looked a lot easier, and it was, after I figured out how to translate it from 'nix to Windows-speak.
So here it is, how to use the orapki utility to create a wallet with a self-signed certificate on a Windows box:
orapki wallet create -wallet wallet_location -auto_login -pwd wallet_password
orapki wallet add -wallet wallet_location -dn "cn=server_hostname,cn=foo,dc=bar,dc=com" -keysize 1024 -self_signed -validity 3650 -pwd wallet_password
- wallet_location is the directory the new wallet will be located in, not the wallet's filename (Oracle likes its wallets to be named "ewallet.p12". Usually easier to leave it that way.)
- wallet_password is the wallet password. You specify it in the first step and will then use it whenever you do something to the wallet, like add a certificate, using orapki or the Oracle Wallet Manager. Keep it in a safe place - no way to get into the wallet if you forget it in the future.
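The two steps above as one Windows batch file, followed by a check that the wallet files were written and a lock-down of the wallet directory. This is an added example, not part of the original post. Assumptions: the directory path is hypothetical, orapki is on the PATH, 2048 replaces the post's 1024 on the assumption that your orapki version accepts it, and the account running the script is the one that needs to read the wallet.

```batch
@echo off
setlocal
rem Added example. All values below are placeholders or assumptions.
set "WALLET_DIR=C:\oracle\wallets\forms_sso"
set "DN=cn=%COMPUTERNAME%,cn=foo,dc=bar,dc=com"
rem The post uses 1024; 2048 is assumed to be accepted by your orapki version.
set "KEYSIZE=2048"
set "VALIDITY=3650"

rem Prompt for the password instead of storing it in the script.
rem set /p echoes input; avoid %% and ! characters, which cmd expands.
set /p "WALLET_PWD=Wallet password: "

if not exist "%WALLET_DIR%" mkdir "%WALLET_DIR%"

rem orapki is a .bat on Windows, so "call" is needed for control to return here.
call orapki wallet create -wallet "%WALLET_DIR%" -auto_login -pwd "%WALLET_PWD%"
call orapki wallet add -wallet "%WALLET_DIR%" -dn "%DN%" -keysize %KEYSIZE% -self_signed -validity %VALIDITY% -pwd "%WALLET_PWD%"

rem -auto_login writes cwallet.sso next to ewallet.p12; confirm both exist.
for %%F in (ewallet.p12 cwallet.sso) do (
    if not exist "%WALLET_DIR%\%%F" (
        echo Missing %%F in %WALLET_DIR%
        exit /b 1
    )
)

rem List the wallet contents to confirm the self-signed certificate is present.
call orapki wallet display -wallet "%WALLET_DIR%" -pwd "%WALLET_PWD%"

rem cwallet.sso opens without the password, so file permissions are its only
rem protection: drop inherited ACLs and grant access to one account only.
rem Replace %USERNAME% with the application server's service account if different.
icacls "%WALLET_DIR%" /inheritance:r /grant:r "%USERNAME%:(OI)(CI)F"

set "WALLET_PWD="
endlocal
```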
Finally, thanks Tyler - how did we get things done before the Internet?