Create Oracle Wallet with a p12 certificate in Oracle 19c

Hello everyone. Today we wanted to tell you about our experience in creating an Oracle wallet to access the database in version 19c. We already published an entry to do it in 11g and 12c in the following post:

https://www.gpsos.es/2019/01/crear-wallet-oracle-certificado-p12/

When performing the same operation in Oracle 19c we have found a failure in one of the steps, specifically in the step:

orapki wallet pkcs12_to_jks -wallet ewallet.p12 -pwd test123 -jksKeyStoreLoc ewallet.jks -jksKeyStorepwd test123

The error that appears is:

Unable to perform operation :null

When reviewing we see that there is no information in the logs or in metalink that gives us a clue of what may be happening, so we are going to do it in another way.

Create Oracle Wallet with a p12 certificate in Oracle 19c

Create Oracle Wallet for Version 19c

We load the 19c version variables:

  . oraenv
 ORACLE_SID = [] ? TEST19
 The Oracle base has been changed to /opt/oracle 

Our certificate is called test1.gpsos.es.cer and the key test1.gpsos.es.key:

certified cd
openssl pkcs12 -export -in test1.gpsos.es.cer -inkey test1.gpsos.es.key -certfile CA.cer -out ewallet.p12

We enter our key for the certificate

  1. The first step is to convert from p12 to jks
keytool -v -importkeystore -srckeystore ewallet.p12 -srcstoretype PKCS12 -destkeystore ewallet.jks -deststoretype JKS

We import all associated certificates:

keytool -import -alias Root -keystore ewallet.jks -trustcacerts -file CA.cer
keytool -import -alias Intermediate -keystore ewallet.jks -trustcacerts -file CA.cer
keytool -list -keystore ewallet.jks 
  • We create an empty wallet where you can import the new certificates:
mkdir /home/oracle/certificates/wallet
orapki wallet create -wallet /home/oracle/certificados/wallet -pwd test123 -auto_login -pwd test123
  • We convert the jks file to wallet:
orapki wallet jks_to_pkcs12 -wallet /home/oracle/certificados/wallet -pwd test123 -keystore ./ewallet.jks -jkspwd test123
  • We copy the wallet to its final route:
cd /home/oracle/certificates/wallet
chown oracle:dba ewallet.p12 cwallet.sso
chmod 640 ewallet.p12 cwallet.sso
mkdir -p /app/oracle/product/19.3.0.0/db_1/owm/wallets/oracle
cp /home/oracle/certificates/wallet/* /app/oracle/product/19.3.0.0/db_1/owm/wallets/oracle 

Once finished we can call owm and check that the wallet opens correctly and we have our certificates available.

If you have questions about how to create the Wallet or prefer that we do it, contact us without obligation. We can also advise you and assess your environment if you wish. We can help you if you are suffering from slowness problems, crashes, database engine version update, migrations, etc. Ask for information without obligation and we will evaluate your case. We are experts in Databases such as Oracle, SQL Server, MySQL, MongoDB…

We hope you find it useful and save you problems when working with this functionality. See you in future posts.

If you do not want to miss any of our publications, subscribe to our newsletter. With only one email per month you will be informed of all our entries.

More information in the official documentation: https://docs.oracle.com/middleware/1213/wls/JDBCA/oraclewallet.htm#JDBCA596

Comments are closed.