Oracle Customer Engineering & Advocacy Lab (CEAL) Blog covers Oracle Analytics Cloud, Oracle Analytics Server and...

Importing server and private key in Oracle wallet

You want to create a wallet containing your server cert and private key provided by your PKI administrator as a yourcert.p12 file. Let s assume the password for the private key is "mypassword".

One way is to:
a/ convert this p12 to jks
keytool -v -importkeystore -srckeystore yourcert.p12 -srcstoretype PKCS12 -destkeystore yournewkeystore.jks -deststoretype JKS
You must use the same password for the new jks and the private key = "mypassword"

Import in this keystore, the intermediate and root certs for your server cert. This is required to create a valid wallet.
keytool -import -alias Root -keystore yournewkeystore.jks -trustcacerts -file root.cer
keytool -import -alias Intermediate -keystore yournewkeystore.jks -trustcacerts -file intermediate.cer

Validate all entries are there using keytool -list -keystore yournewkeystore.jks

b/ create an empty wallet
mw_home\oracle_common\bin\orapki wallet create -wallet ./ -pwd "mypassword"

c/ convert the jks to a wallet:
mw_home\oracle_common\bin\orapki wallet jks_to_pkcs12 -wallet ./ -pwd "mypassword" -keystore ./yournewkeystore.jks -jkspwd "mypassword"

Make sure the private key password and the wallet password match = "mypassword"

d/ open the newly created ewallet.p12 with Oracle wallet manager
And in wallet menu, tick "autologin", then save. This creates cwallet.sso along side ewallet.p12

Your wallet is ready to be used by OHS!

Join the discussion

Comments ( 2 )
  • Christian Tuesday, August 26, 2014

    I'm trying to install a key and a certificate provided by our hosting provider. Everything seems fine, but on step c I'm facing this problem:


    Oracle PKI Tool : Version ...

    Exception : java.io.IOException: No self-signed cert in chain.


    Does anyone have a clue? No self-signed certs are used, so the message is correct, but why would orapki want a self-signed certificate?

  • Alexey Friday, September 25, 2015

    I got same issue when doing it through JKS. Suggest to do as follows (taken from 'stackoverflow' advice, use same password for both commands):

    openssl pkcs12 -export -in certchain.pem -out ewallet.p12

    mv ewallet.p12 <location of your oracle wallet>

    orapki wallet create -wallet <localtion of your oracle wallet> -auto_login

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.