How To Generate A Wallet Containing A Self Signed Certificate Using ORAPKI from Oracle
SOLUTION
This self-signed certificate should be used for testing purposes only, with Oracle Application Server (OAS 10.1.2 - 10.1.3) or Fusion Middleware (FMW 11.1.1.X).
Before attempting this with ORAPKI for FMW 11.1.1.X or FMW 12.1.X, please read: Note 1218603.1 Understanding Wallets and Keystores in Fusion Middleware 11g/12c
- Important: This is not a substitute for the Oracle Documentation or a comprehensive list of orapki options. It provides sample commands using orapki to create a basic wallet and certificate. If you need advanced options such as SHA2 or a higher keysize, add the -sign_alg sha256 and/or -keysize 2048 parameters. See the Oracle Documentation for the options available on your version.
The steps below show how to create a Wallet, and a Self-Signed certificate using orapki:
1. Create the Wallet:
For OAS:
$ORACLE_HOME/bin/orapki wallet create -wallet <path_to_where_wallet_will_be_created> -pwd <wallet_pwd> -auto_login
For example:
$ORACLE_HOME/bin/orapki wallet create -wallet /oracle/app/product/oracle/russ/orapki/ -pwd Welcome1 -auto_login
For FMW:
Note: the commands below show $MIDDLEWARE_HOME. $MIDDLEWARE_HOME should be used for FMW 11.1.X. If using FMW 12.1.X, use $ORACLE_HOME instead.
To create a Password Protected Wallet (ewallet.p12 and cwallet.sso):
$MIDDLEWARE_HOME/oracle_common/bin/orapki wallet create -wallet <path> -auto_login
For example:
$MIDDLEWARE_HOME/oracle_common/bin/orapki wallet create -wallet /fmw11g/instances/webtier/wallet -auto_login
Enter password: **********
Enter password again: **********
To create an Auto-Login Wallet (cwallet.sso only):
$MIDDLEWARE_HOME/oracle_common/bin/orapki wallet create -wallet <path> -auto_login_only
For example:
$MIDDLEWARE_HOME/oracle_common/bin/orapki wallet create -wallet /fmw11g/instances/webtier/wallet -auto_login_only
This generates an Auto-Login Wallet in the desired location. It currently contains no user certificate.
2. Create a Self Signed Certificate:
For OAS:
$ORACLE_HOME/bin/orapki wallet add -wallet <path_to_where_wallet_was_created_above> -dn '<certificate_DN_you_require>' -keysize 1024 -self_signed -validity <days> -pwd <wallet_pwd>
For example:
$ORACLE_HOME/bin/orapki wallet add -wallet /oracle/app/product/oracle/russ/orapki/ -dn 'CN=server.uk.oracle.com, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=GB' -keysize 1024 -self_signed -validity 365 -pwd Welcome1
For FMW:
$MIDDLEWARE_HOME/oracle_common/bin/orapki wallet add -wallet wallet_location -dn user_dn -keysize 512|1024|2048|4096 -self_signed [-pwd][-auto_login_only]
For example:
For a Password Protected Wallet:
$MIDDLEWARE_HOME/oracle_common/bin/orapki wallet add -wallet /fmw11g/instances/webtier/wallet -dn 'CN=server.uk.oracle.com, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=GB' -keysize 1024 -self_signed -validity 365 -pwd Welcome1
For an Auto-Login Wallet:
$MIDDLEWARE_HOME/oracle_common/bin/orapki wallet add -wallet /fmw11g/instances/webtier/wallet -dn 'CN=server.uk.oracle.com, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=GB' -keysize 1024 -self_signed -validity 365 -auto_login_only
Note: On Windows, use double quotes for the -dn option, i.e.: -dn "CN=server.uk.oracle.com, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=GB"
If you open the Wallet in Wallet Manager, you will see it says Certificate: Ready, and also contains the Trusted Certificate.
This Wallet is ready to use with Application Server or Fusion Middleware for testing purposes.
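The same two steps with the options the Important note mentions, as an added example that is not part of the original note: it passes -sign_alg sha256, refuses key sizes below 2048 (the samples above use 1024), and omits -pwd so the wallet password is prompted for instead of appearing on the command line. The function names, the MIN_KEYSIZE floor and the assumption that your orapki version prompts when -pwd is absent are this example's own.

```shell
#!/bin/sh
# Added example, not Oracle's script. ORAPKI defaults to the FMW 11.1.X path
# used above; override it (e.g. ORAPKI=$ORACLE_HOME/bin/orapki) for OAS.
ORAPKI="${ORAPKI:-${MIDDLEWARE_HOME:-}/oracle_common/bin/orapki}"
MIN_KEYSIZE=2048   # assumption: local policy floor, matching -keysize 2048 above

# check_keysize SIZE -> 0 if SIZE is numeric and >= MIN_KEYSIZE
check_keysize() {
    case $1 in
        ''|*[!0-9]*) echo "keysize must be a number: '$1'" >&2; return 2 ;;
    esac
    if [ "$1" -lt "$MIN_KEYSIZE" ]; then
        echo "refusing -keysize $1 (minimum $MIN_KEYSIZE)" >&2
        return 1
    fi
}

# make_test_wallet WALLET_DIR DN [KEYSIZE] [DAYS]
# Runs in a subshell so the umask change does not leak into the caller.
make_test_wallet() (
    wallet=$1; dn=$2; keysize=${3:-2048}; days=${4:-365}
    check_keysize "$keysize" || return 1
    # -auto_login writes cwallet.sso, which opens without a password,
    # so file permissions are what protect the private key.
    umask 077
    mkdir -p "$wallet" || return 1
    # No -pwd: orapki prompts instead, keeping the password out of the
    # process list and shell history (assumes a version that prompts).
    "$ORAPKI" wallet create -wallet "$wallet" -auto_login || return 1
    "$ORAPKI" wallet add -wallet "$wallet" -dn "$dn" \
        -keysize "$keysize" -sign_alg sha256 \
        -self_signed -validity "$days" || return 1
    # List the wallet contents to confirm the user certificate is present.
    "$ORAPKI" wallet display -wallet "$wallet"
)

# Usage, after sourcing this file:
#   make_test_wallet /fmw11g/instances/webtier/wallet \
#     'CN=server.uk.oracle.com, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=GB'
```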