Create Server Wallet and Certificate (Oracle 19c)

This tutorial explains the steps to create an Oracle Wallet and certificate on the Oracle database server to enable a communication with TCPS,

Certificate details:

  • Oracle Database Server name: obrdb1
  • Password: oracle_4U
  • Wallet Directory: /u01/app/oracle/ssl/wallet
  • Key size: 2048
  • Validity: 10 Years

Step1: Create a new auto-login Server wallet

$ mkdir -p /u01/app/oracle/ssl/wallet
$ orapki wallet create -wallet /u01/app/oracle/ssl/wallet -pwd oracle_4U -auto_login_local
Oracle PKI Tool Release 19.0.0.0.0 - Production
Version 19.4.0.0.0
Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
Operation is successfully completed.

Step 2: Create a self-signed certificate and load it into the wallet

$ orapki wallet add -wallet /u01/app/oracle/ssl/wallet -pwd oracle_4U -dn "CN=`hostname`" -keysize 2048 -self_signed -validity 3650
Oracle PKI Tool Release 19.0.0.0.0 - Production
Version 19.4.0.0.0
Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
Operation is successfully completed.
$ ll /u01/app/oracle/ssl/wallet
-rw-------. 1 oracle oinstall 3805 May 29 20:16 cwallet.sso
-rw-------. 1 oracle oinstall 0 May 29 20:14 cwallet.sso.lck
-rw-------. 1 oracle oinstall 3760 May 29 20:16 ewallet.p12
-rw-------. 1 oracle oinstall 0 May 29 20:14 ewallet.p12.lck

Step 3: Check the contents of the wallet.

$ orapki wallet display -wallet /u01/app/oracle/ssl/wallet -pwd oracle_4U
Oracle PKI Tool Release 19.0.0.0.0 - Production
Version 19.4.0.0.0
Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
User Certificates:
Subject: CN=obrdb1
Trusted Certificates:
Subject: CN=obrdb1
$

Note: The self-signed certificate is both a user and trusted certificate.

Step 4: Export the certificate to load it into the client wallet later.

$ orapki wallet export -wallet /u01/app/oracle/ssl/wallet -pwd oracle_4U -dn "CN= `hostname` " -cert ~/ ` hostname ` -certificate.crt
Oracle PKI Tool Release 19.0.0.0.0 - Production
Version 19.4.0.0.0
Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
Operation is successfully completed.

$ ll obrdb1-certificate.crt
-rw-------. 1 oracle oinstall 976 May 29 20:20 obrdb1-certificate.crt

Enjoy!

Bookmark the permalink.
Loading Facebook Comments ...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.