Create Server Wallet and Certificate (Oracle 19c)

By | |

This tutorial explains the steps to create an Oracle Wallet and certificate on the Oracle database server to enable a communication with TCPS,

Certificate details:

  • Oracle Database Server name: obrdb1
  • Password: oracle_4U
  • Wallet Directory: /u01/app/oracle/ssl/wallet
  • Key size: 2048
  • Validity: 10 Years

Step1: Create a new auto-login Server wallet

$ mkdir -p /u01/app/oracle/ssl/wallet
$ orapki wallet create -wallet /u01/app/oracle/ssl/wallet -pwd oracle_4U -auto_login_local
 Oracle PKI Tool Release 19.0.0.0.0 - Production
 Version 19.4.0.0.0
 Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
 Operation is successfully completed.

Step 2: Create a self-signed certificate and load it into the wallet

$ orapki wallet add -wallet /u01/app/oracle/ssl/wallet -pwd oracle_4U -dn "CN=`hostname`" -keysize 2048 -self_signed -validity 3650
 Oracle PKI Tool Release 19.0.0.0.0 - Production
 Version 19.4.0.0.0
 Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
 Operation is successfully completed.
$ ll /u01/app/oracle/ssl/wallet
 -rw-------. 1 oracle oinstall 3805 May 29 20:16 cwallet.sso
 -rw-------. 1 oracle oinstall    0 May 29 20:14 cwallet.sso.lck
 -rw-------. 1 oracle oinstall 3760 May 29 20:16 ewallet.p12
 -rw-------. 1 oracle oinstall    0 May 29 20:14 ewallet.p12.lck

Step 3: Check the contents of the wallet. 

$ orapki wallet display -wallet /u01/app/oracle/ssl/wallet -pwd oracle_4U
 Oracle PKI Tool Release 19.0.0.0.0 - Production
 Version 19.4.0.0.0
 Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
 Requested Certificates:
 User Certificates:
 Subject:        CN=obrdb1
 Trusted Certificates:
 Subject:        CN=obrdb1
 $

Note: The self-signed certificate is both a user and trusted certificate.

Step 4: Export the certificate to load it into the client wallet later.

$ orapki wallet export -wallet /u01/app/oracle/ssl/wallet -pwd oracle_4U -dn "CN= `hostname` " -cert ~/ ` hostname ` -certificate.crt
 Oracle PKI Tool Release 19.0.0.0.0 - Production
 Version 19.4.0.0.0
 Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
 Operation is successfully completed.

$ ll  obrdb1-certificate.crt
 -rw-------. 1 oracle oinstall 976 May 29 20:20 obrdb1-certificate.crt

Enjoy!

Bookmark the permalink.
Loading Facebook Comments ...

Leave a Reply