Hello everyone. Today we wanted to tell you about our experience in creating an Oracle wallet to access the database in version 19c. We already published an entry to do it in 11g and 12c in the following post:
https://www.gpsos.es/2019/01/crear-wallet-oracle-certificado-p12/
When performing the same operation in Oracle 19c we have found a failure in one of the steps, specifically in the step:
orapki wallet pkcs12_to_jks -wallet ewallet.p12 -pwd test123 -jksKeyStoreLoc ewallet.jks -jksKeyStorepwd test123
The error that appears is:
Unable to perform operation :null
When reviewing we see that there is no information in the logs or in metalink that gives us a clue of what may be happening, so we are going to do it in another way.

Create Oracle Wallet for Version 19c
We load the 19c version variables:
. oraenv ORACLE_SID = [] ? TEST19 The Oracle base has been changed to /opt/oracle
Our certificate is called test1.gpsos.es.cer and the key test1.gpsos.es.key:
certified cd openssl pkcs12 -export -in test1.gpsos.es.cer -inkey test1.gpsos.es.key -certfile CA.cer -out ewallet.p12
We enter our key for the certificate
- The first step is to convert from p12 to jks
keytool -v -importkeystore -srckeystore ewallet.p12 -srcstoretype PKCS12 -destkeystore ewallet.jks -deststoretype JKS
We import all associated certificates:
keytool -import -alias Root -keystore ewallet.jks -trustcacerts -file CA.cer keytool -import -alias Intermediate -keystore ewallet.jks -trustcacerts -file CA.cer keytool -list -keystore ewallet.jks
- We create an empty wallet where you can import the new certificates:
mkdir /home/oracle/certificates/wallet orapki wallet create -wallet /home/oracle/certificados/wallet -pwd test123 -auto_login -pwd test123
- We convert the jks file to wallet:
orapki wallet jks_to_pkcs12 -wallet /home/oracle/certificados/wallet -pwd test123 -keystore ./ewallet.jks -jkspwd test123
- We copy the wallet to its final route:
cd /home/oracle/certificates/wallet chown oracle:dba ewallet.p12 cwallet.sso chmod 640 ewallet.p12 cwallet.sso mkdir -p /app/oracle/product/19.3.0.0/db_1/owm/wallets/oracle cp /home/oracle/certificates/wallet/* /app/oracle/product/19.3.0.0/db_1/owm/wallets/oracle
Once finished we can call owm and check that the wallet opens correctly and we have our certificates available.
If you have questions about how to create the Wallet or prefer that we do it, contact us without obligation. We can also advise you and assess your environment if you wish. We can help you if you are suffering from slowness problems, crashes, database engine version update, migrations, etc. Ask for information without obligation and we will evaluate your case. We are experts in Databases such as Oracle, SQL Server, MySQL, MongoDB…
We hope you find it useful and save you problems when working with this functionality. See you in future posts.
If you do not want to miss any of our publications, subscribe to our newsletter. With only one email per month you will be informed of all our entries.
More information in the official documentation: https://docs.oracle.com/middleware/1213/wls/JDBCA/oraclewallet.htm#JDBCA596