RE: Oracle Wallet

From: Scott Canaan <srcdco_at_rit.edu>
Date: Wed, 31 Aug 2022 18:28:45 +0000
Message-ID: <MN2PR16MB29739AF192488CFC2D0F4A11C5789_at_MN2PR16MB2973.namprd16.prod.outlook.com>



I created a new wallet in a new directory (under the umbrella wallets directory). Now when he tries to use it, he gets "ORA-29106: Cannot import PKCS #12 wallet". I’m thinking it’s because the wallet wasn’t created with auto_login. Can that be changed now?

Scott Canaan ‘88
Sr Database Administrator
Information & Technology Services
Finance & Administration
Rochester Institute of Technology
o: (585) 475-7886 | f: (585) 475-7520
srcdco_at_rit.edu | c: (585) 339-8659

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

From: oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> On Behalf Of Øyvind Isene
Sent: Wednesday, August 31, 2022 5:48 AM
To: gogala.mladen_at_gmail.com
Cc: oracle-l <oracle-l_at_freelists.org>
Subject: Re: Oracle Wallet

Did you verify the certificate you are adding? If it is x509 you can display it with

openssl x509 -in claws_pvt.pem -text -noout

To show the content of the wallet:

orapki wallet display -wallet ebsadevl_wallet

I always store SSL certificates in a wallet separate from the db-wallet and tde-wallet; in the UTL_HTTP package you can set the path to the wallet as a parameter. Also, if you are using UTL_HTTP, only the root certificates should be necessary. When I run into certificate validation problems in PL/SQL, I use EXECUTE DBMS_SESSION.RESET_PACKAGE; after each change I make to the wallet. Sometimes it is easiest to just start over with an empty wallet (this is material for a blog post, I have seen some strange behaviour here). Either create a new one or delete the certs in it:

orapki wallet remove -wallet . -trusted_cert_all

I use this command to add certificates:

orapki wallet add -wallet $PWD/ssl -trusted_cert -cert filename

On Wed, 31 Aug 2022 at 00:43, Mladen Gogala <gogala.mladen_at_gmail.com> wrote:
On 8/30/22 10:40, Scott Canaan wrote:
We have an Oracle wallet that has 3 trusted entries. One of our users sent a .pem file and wants it added to the wallet. I’ve tried adding it and the command completes successfully, but nothing changes in the wallet. He says it can be done, but I can’t figure out how to do it.

The command I used is:

orapki wallet add -wallet ebsadevl_wallet/ -cert claws_pvt.pem

oracle_at_ebsadevl1:EBSADEVL>orapki wallet add -wallet ebsadevl_wallet/ -cert claws_pvt.pem
Oracle PKI Tool Release 19.0.0.0.0 - Production
Version 19.4.0.0.0
Copyright (c) 2004, 2021, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:
Operation is successfully completed.

How do I add this cert to the wallet?

Scott Canaan ‘88
Sr Database Administrator
Information & Technology Services
Finance & Administration
Rochester Institute of Technology
o: (585) 475-7886 | f: (585) 475-7520
srcdco_at_rit.edu | c: (585) 339-8659

Hi Scott!

As far as I remember, the command is:

orapki wallet add -wallet wallet_location -trusted_cert -cert certificate_location

I got this from a browser bookmark:

https://docs.oracle.com/database/121/DBSEG/asoappf.htm#DBSEG610

Are you testing TDE or TCPS listener?

Regards

--

Mladen Gogala

Database Consultant

Tel: (347) 321-1217

https://dbwhisperer.wordpress.com

--

Øyvind Isene
+47 90864882
--

http://www.freelists.org/webpage/oracle-l Received on Wed Aug 31 2022 - 20:28:45 CEST
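
Added example, not part of the original thread: a shell pre-flight check for the step raised above (verify what is in the .pem before adding it) that then prints the add command with the -trusted_cert flag quoted in the thread. The function names, the script name and the one-certificate-per-file policy are assumptions of this example; it inspects PEM labels only and does not call orapki.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies a PEM file by its
# "-----BEGIN <label>-----" lines before it is added to a wallet as a trusted
# certificate. It reads labels only; it does not validate the certificate.

# pem_kind FILE -> prints cert | multi | key | other | unreadable
pem_kind() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    awk '
        /^-----BEGIN (TRUSTED |X509 )?CERTIFICATE-----/ { certs++; next }
        /^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----/     { keys++; next }
        /^-----BEGIN /                                  { others++ }
        END {
            if (keys > 0)                      print "key"
            else if (others > 0 || certs == 0) print "other"
            else if (certs == 1)               print "cert"
            else                               print "multi"
        }' "$1"
}

# wallet_add_cmd WALLET FILE -> prints the command for the operator to run,
# or says on stderr why the file is rejected and returns non-zero.
wallet_add_cmd() {
    kind=$(pem_kind "$2")
    case $kind in
        cert)   # command form given in the thread, including -trusted_cert
            printf 'orapki wallet add -wallet %s -trusted_cert -cert %s\n' "$1" "$2" ;;
        multi)  # policy of this example (assumption), not an orapki rule
            echo "$2: several certificates, split into one file each" >&2
            return 2 ;;
        key)
            echo "$2: contains a private key, not only a certificate" >&2
            return 3 ;;
        *)
            echo "$2: no usable certificate block ($kind)" >&2
            return 4 ;;
    esac
}

# Usage: sh wallet_preflight.sh WALLET_DIR FILE.pem  (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    wallet_add_cmd "$1" "$2"
fi
```

Running orapki wallet display on the wallet before and after the printed command shows whether the trusted entry was actually added.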
