Create Oracle Wallet with a p12 certificate in Oracle 19c

Hello everyone. Today we wanted to tell you about our experience in creating an Oracle wallet to access the database in version 19c. We already published an entry to do it in 11g and 12c in the following entry:

https://www.gpsos.es/2019/01/crear-wallet-oracle-certificado-p12/

When performing the same operation in Oracle 19c we have encountered a failure in one of the steps, specifically in step:

orapki wallet pkcs12_to_jks -wallet ewallet.p12 -pwd test123 -jksKeyStoreLoc ewallet.jks -jksKeyStorepwd test123

The error that appears is:

Unable to perform operation: null

When reviewing we see that there is no information in the logs or in metalink that gives us a clue of what may be happening, so we are going to do it in another way.

Create Oracle Wallet with a p12 certificate in Oracle 19c

Create Oracle Wallet for version 19c

We load the version 19c variables:

  . oraenv
 ORACLE_SID = []? TEST19
 The Oracle base has been changed to / opt / oracle 

Our certificate is called test1.gpsos.es.cer and the key test1.gpsos.es.key :

certified cd
openssl pkcs12 -export -in test1.gpsos.es.cer -inkey test1.gpsos.es.key -certfile CA.cer -out ewallet.p12

We enter our password for the certificate

  1. The first step is convert from p12 to jks
keytool -v -importkeystore -srckeystore ewallet.p12 -srcstoretype PKCS12 -destkeystore ewallet.jks -deststoretype JKS

We import all associated certificates:

keytool -import -alias Root -keystore ewallet.jks -trustcacerts -file CA.cer
keytool -import -alias Intermediate -keystore ewallet.jks -trustcacerts -file CA.cer
keytool -list -keystore ewallet.jks 
  • We create an empty wallet where to import the new certificates:
mkdir / home / oracle / certificates / wallet
orapki wallet create -wallet / home / oracle / certificates / wallet -pwd test123 -auto_login -pwd test123
  • We convert the jks file to wallet :
orapki wallet jks_to_pkcs12 -wallet / home / oracle / certificates / wallet -pwd test123 -keystore ./ewallet.jks -jkspwd test123
  • We copy the wallet to its final route:
cd / home / oracle / certificates / wallet
chown oracle: dba ewallet.p12 cwallet.sso
chmod 640 ewallet.p12 cwallet.sso
mkdir -p /app/oracle/product/19.3.0.0/db_1/owm/wallets/oracle
cp / home / oracle / certificates / wallet / * /app/oracle/product/19.3.0.0/db_1/owm/wallets/oracle 

Once finished we can call owm and check that the wallet opens correctly and we have our certificates available.

If you have questions about how to create the Wallet or if you prefer us to do it, contact us without obligation. We can also advise you and assess your environment if you wish. We can help you if you are experiencing slowness problems, crashes, database engine version update, migrations, etc. Ask for information without obligation and we will assess your case. We are experts in Databases such as Oracle, SQL Server, MySQL, MongoDB …

We hope you find it useful and save you problems when working with this functionality. See you in next innings.

If you don’t want to miss any of our publications, subscribe to our newsletter. With a single email a month you will be informed of all our entries.

Still do not know Query Performance ? Find out how it can help you in your Oracle environment. More information on their page LinkedIn .

Follow GPS on LinkedIn

More information in the official documentation: https://docs.oracle.com/middleware/1213/wls/JDBCA/oraclewallet.htm#JDBCA596