Create Client Wallet and Certificate (Oracle 19c)

By | |

This tutorial explains the steps to create an Oracle Wallet and certificate on the Oracle client to enable a communication with TCPS,

Certificate details:

  • Oracle Client Server name: obrdb2
  • Password: oracle_4U
  • Wallet Directory: /u01/app/oracle/ssl-client/wallet
  • Key size: 2048
  • Validity: 10 Years

Step1: Create a new auto-login client wallet

$ mkdir -p /u01/app/oracle/ssl-client/wallet
$ orapki wallet create -wallet /u01/app/oracle/ssl-client/wallet -pwd oracle_4U -auto_login_local
 Oracle PKI Tool Release 19.0.0.0.0 - Production
 Version 19.4.0.0.0
 Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
 Operation is successfully completed.

Step 2: Create a self-signed certificate and load it into the wallet

$ orapki wallet add -wallet /u01/app/oracle/ssl-client/wallet -pwd oracle_4U -dn "CN=`hostname`" -keysize 2048 -self_signed -validity 3650
 Oracle PKI Tool Release 19.0.0.0.0 - Production
 Version 19.4.0.0.0
 Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
 Operation is successfully completed.

$ ll /u01/app/oracle/ssl-client/wallet
 total 8
 -rw-------. 1 oracle oinstall 3813 May 29 20:25 cwallet.sso
 -rw-------. 1 oracle oinstall    0 May 29 20:25 cwallet.sso.lck
 -rw-------. 1 oracle oinstall 3768 May 29 20:25 ewallet.p12
 -rw-------. 1 oracle oinstall    0 May 29 20:25 ewallet.p12.lck
 [oracle@obrdb2 ~]$

Step 3: Check the contents of the wallet. 

$ orapki wallet display -wallet /u01/app/oracle/ssl-client/wallet -pwd oracle_4U
 Oracle PKI Tool Release 19.0.0.0.0 - Production
 Version 19.4.0.0.0
 Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
 Requested Certificates:
 User Certificates:
 Subject:        CN=obrdb2
 Trusted Certificates:
 Subject:        CN=obrdb2
 $

Note: The self-signed certificate is both a user and trusted certificate.

Step 4: Export the certificate to load it into the client wallet later.

$ orapki wallet export -wallet /u01/app/oracle/ssl-client/wallet -pwd oracle_4U -dn "CN=`hostname ` " -cert ~/` hostname` -certificate.crt
 Oracle PKI Tool Release 19.0.0.0.0 - Production
 Version 19.4.0.0.0
 Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
 Operation is successfully completed.

$ ll obrdb2-certificate.crt
 -rw-------. 1 oracle oinstall 980 May 29 20:28 obrdb2-certificate.crt

Enjoy!

Bookmark the permalink.
Loading Facebook Comments ...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.