Oracle Wallet certificate is different from openssl certificate. If you already have a openssl certificate for yourcompany.com and want to use the same certificate for 10gAS then follow the steps to convert openssl certificate to Oracle Wallet certificate. Thanks to my colleague Jim Kennedy he has put the steps together.
For detailed explanation refer to metalink Note:340178.1
1) Copy the following files to a directory (e.g /var/opt/oracle/walletcert)
2) Generate wallet certificate
3) Copy/ftp the walletcert directory to the server where 10gAS is installed.
4) Open and save the certificate using owm executable.
Good Luck and Cheers
For detailed explanation refer to metalink Note:340178.1
1) Copy the following files to a directory (e.g /var/opt/oracle/walletcert)
server.crt = Standard server certificate (received from Verisign)
server.key = Standard key (generated with openssl - 1024.key)
ca.crt = Combination of intermediate certificate and root certificate concatenated
server.key = Standard key (generated with openssl - 1024.key)
ca.crt = Combination of intermediate certificate and root certificate concatenated
2) Generate wallet certificate
$IAS_HOME/Apache/open_ssl/bin/openssl pkcs12 -export -descert -in server.crt -inkey server.key -certfile ca.crt -name server_wallet.crt(can be anyname) -out ewallet.p12
3) Copy/ftp the walletcert directory to the server where 10gAS is installed.
4) Open and save the certificate using owm executable.
Good Luck and Cheers
8 comments:
Thanks for posting this! We are upgrading to 10g, and your advice saved us from having to get our certificate reissued.
Ron Swartzendruber
webmaster@wou.edu
I tried but in own I get "invalid password" message, any hint? please!
You have to use the same password, the one you passed when running openssl.
Zip the whole directory and ftp, instead of individual files (binary format)
Let me know if it worked
Even a couple of years after you wrote that, your clear instructions saved me a lot of time and effort, and possibly also some expensive consultant bills. Thanks.
Hi, we're experiencing the same problem "the password is incorrect, try again?" but this is not a descriptive error, what is happening is that you MUST put the CAs that signed (entire certificate chain) the imported certificate...(-certfile)
cheers
Worked for us. Thanks!
Could you explain how to obtain a root certificate. in: ca.crt = Combination of intermediate certificate and root certificate concatenated ?
Download Root Cert
https://www.verisign.com/support/roots.html
Download Intermediate Cert
http://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html
Combination of root.cert and Intermediate cert
Post a Comment