Re: Oracle Wallet

From: Øyvind Isene <oyvind.isene_at_gmail.com>
Date: Wed, 31 Aug 2022 11:47:52 +0200
Message-ID: <CAF+iMcFGJBEGonPdNYKVP4euQk5GFNBsPqnG4qP5K5=kiOTfJQ_at_mail.gmail.com>

Did you verify the certificate you are adding? If it is x509 you can display it with

openssl x509 -in claws_pvt.pem -text -noout

To show the content of the wallet

orapki wallet display -wallet ebsadevl_wallet

I always store ssl certificates in a wallet separate from db-wallet and tde-wallet, in the UTL_HTTP-package you can set the path to the wallet as a parameter. Also if you are using UTL_HTTP, only the root certificates should be necessary. When I run into problems with certification validation problems in PL/SQL I use the EXECUTE DBMS_SESSION.RESET_PACKAGE; after each change I do on the wallet. Sometimes it is easiest to just start over with an empty wallet (this is material for a blog post, I have seen some strange behaviour here). Either create a new one or delete the certs in it:

orapki wallet remove -wallet . -trusted_cert_all

I use this command to add certificates:

orapki wallet add -wallet $PWD/ssl -trusted_cert -cert filename

ons. 31. aug. 2022 kl. 00:43 skrev Mladen Gogala <gogala.mladen_at_gmail.com>:

> On 8/30/22 10:40, Scott Canaan wrote:
>
> We have an Oracle wallet that has 3 trusted entries. One of our users
> sent a .pem file and wants it added to the wallet. I’ve tried adding it
> and the command completes successfully, but nothing changes in the wallet.
> He says it can be done, but I can’t figure out how to do it.
>
>
>
> The command I used is:
>
>
>
> orapki wallet add -wallet ebsadevl_wallet/ -cert claws_pvt.pem
>
>
>
> oracle_at_ebsadevl1:EBSADEVL>orapki wallet add -wallet ebsadevl_wallet/
> -cert claws_pvt.pem
>
> Oracle PKI Tool Release 19.0.0.0.0 - Production
>
> Version 19.4.0.0.0
>
> Copyright (c) 2004, 2021, Oracle and/or its affiliates. All rights
> reserved.
>
>
>
> Enter wallet password:
>
> Operation is successfully completed.
>
>
>
> How do I add this cert to the wallet?
>
>
>
> *Scott Canaan ‘88*
>
> *Sr Database Administrator *Information & Technology Services
> Finance & Administration
>
>
> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
>
> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659
>
> *CONFIDENTIALITY NOTE*: The information transmitted, including
> attachments, is intended only for the person(s) or entity to which it is
> addressed and may contain confidential and/or privileged material. Any
> review, retransmission, dissemination or other use of, or taking of any
> action in reliance upon this information by persons or entities other than
> the intended recipient is prohibited. If you received this in error, please
> contact the sender and destroy any copies of this information.
>
>
>
> Hi Scott!
>
> As far as I remember, the command is:
>
> orapki wallet add -wallet wallet_location -trusted_cert -cert certificate_location
>
> I got this from a browser bookmark:
> https://docs.oracle.com/database/121/DBSEG/asoappf.htm#DBSEG610
>
> Are you testing TDE or TCPS listener?
> Regards
>
> --
> Mladen Gogala
> Database Consultant
> Tel: (347) 321-1217https://dbwhisperer.wordpress.com
>
>

-- 
Øyvind Isene
+47 90864882

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Aug 31 2022 - 11:47:52 CEST

This message: [ Message body ]
Next message: Scott Canaan: "RE: Oracle Wallet"
Previous message: Mladen Gogala: "Re: Oracle Wallet"
In reply to: Mladen Gogala: "Re: Oracle Wallet"
In reply to Scott Canaan: "RE: Oracle Wallet"
Next in thread: Scott Canaan: "RE: Oracle Wallet"
Reply: Scott Canaan: "RE: Oracle Wallet"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message