CREATING AN ORACLE WALLET THAT CONTAINS A SSL CERTIFICATE (STEP 1)

SSL requires a Signed Personal Certifcate, which is stored in Oracle Wallet. You can either
request a SSL certifcate from a 3rd part Certifcate !uthorit such as "eriSign or from
Oracle Certifcate !uthorit #OC!$. %or the purposes of this document, we will assume that
ou ha&e OC! installed and will request the SSL Certifcate from OC!.
'. Create a director called (mwallet) under
*O+!CL,-.O/,0!pache0!pache0conf0ssl.wlt0 to store the wallet containing the newl1
created ser&er certifcate.
2. Start Oracle Wallet /anager.
o On Windows3 Select Start 14 Programs 14 Oracle!S '5g 1 O+!CL,-.O/,
14 6ntegrated /anagement 7ools 14 Wallet /anager.
o On 896:3 ,nter ;owm; at the command line. 7his command is located in the
*O+!-.O/,<=in director.
3. Select Wallet 14 9ew.
>. 6f prompted, clic? 9o for the creation of a default wallet director. 7he new wallet
will =e stored in the (mwallet) director created in the pre&ious step.
@. ,nter the following information on the (9ew Wallet) form.
Field Value
Password <Enter an appropriate
password>
Wallet
7pe
Standard
A. Select the OB =utton.
C. Clic? Yes to create a certifcate request.
D. ,nter the details for the certifcate request on the Create Certifcate +equest form.
Field Value
Common 9ame 7he Common 9ame must match the host domain name
that the we= ser&er uses. 7his is the Ser&er9ame
parameter in the ssl.conf fle and the host.domain that
users will access from the =rowser 8+L #such as , ,'
Certifcate !uthorit$.
OrganiEational
8nit
<Division name>
OrganiEation <Company name>
Location <City name>
State <State or province name>
Countr <Country name>
Be SiEe '52> =its
F. Select OB.
'5. Select OB..
''. Select Certifcate3G+equestedH.
'2. %rom the Operations menu, select ,Iport Certifcate +equest. 7his will eIport the
certifcate request to a fle so that it can =e copied and sent to Oracle Certifcate
!uthorit.
'3. Sa&e to a fle #e.g. m-request.csr$ in an location. 9ote the location where ou sa&e
the fle. 7he content of this fle will =e su=mitted to Oracle Certifcate !uthorit for
appro&al in the neIt section.
'>. Select Wallet, Sa&e. Sa&e to the director (mwallet) created in a pre&ious section
#normall <ORACLE_HOME>0!pache0!pache0conf0ssl.wlt0mwallet$. 7his sa&es the
newl created wallet with a ser&er certifcate in (+equested) state to (mwallet)
director. Once the wallet is sa&ed, ou can open the wallet from the director later
if ou eIit wallet manager.
'@. Juardar la cartera para poder eIportar la cla&e pri&ada, en el mismo directorio que
la solicitud del certifcado.
'A. !hora ha que eIportar la cla&e pri&ada generar el certifcado.
GrootKcr'we=AFI seleneHL pwd
<opt<app<oashome<!pache<!pache<conf<ssl.wlt<selene
GrootKcr'we=AFI seleneHL openssl pkcs12 -in ewallet.p12 -passin
pass:siemens123 -out ewallet.txt -nodes
/!C &erifed OB
Warning unsupported =ag tpe3 secretMag
GrootKcr'we=AFI seleneHL ls 1al
total >5
drwIrwIr1I 2 oas'5 oas'5 >5FA no& > '535> .
drwIrwI111 @ oas'5 oas'5 >5FA no& > 5F3@> ..
1rw1111111 ' oas'5 oas'5 F'33 no& > '5353 ewallet.p'2
1rw1r11r11 ' root root '3CFF no& > '535> ewallet.tIt
1rw1111111 ' oas'5 oas'5 AA2 no& > 5F3@C selene.csr
GrootKcr'we=AFI seleneHL cat ewallet.txt # Seleccionar desde BEGIN RSA PRIVATE KEY
hasta END RSA PRIVATE KEY$
GrootKcr'we=AFI seleneHL vi selene.key # Creamos un fchero con el contedido seleccionado$
GrootKcr'we=AFI seleneHL openssl x509 -req -days 999 -in selene.csr \-sinkey
selene.key -out selene.crt
Signature o?
su=NectO<CO,S<S7Omadrid<LOmadrid<OOsiemens<O8Omedical<C9O'5.'F2.'>A.'@5
Jetting Pri&ate ?e
GrootKcr'we=AFI seleneHL ls -al
total >D
drwIrwIr1I 2 oas'5 oas'5 >5FA no& > '53'' .
drwIrwI111 @ oas'5 oas'5 >5FA no& > 5F3@> ..
1rw1111111 ' oas'5 oas'5 F'33 no& > '5353 ewallet.p'2
1rw1r11r11 ' root root '3CFF no& > '535> ewallet.tIt
1rw1r11r11 ' root root D@' no& > '53'' selene.crt # ,ste es el certifcado generado$
1rw1111111 ' oas'5 oas'5 AA2 no& > 5F3@C selene.csr
1rw1r11r11 ' root root DDC no& > '53'5 selene.?e
'C. 7enemos que importar el certifcado autoriEarlo en Wallet.