Importing server and private key in Oracle wallet

You want to create a wallet containing your server cert and private key provided by your PKI administrator as a yourcert.p12 file. Let s assume the password for the private key is "mypassword".

One way is to:
a/ convert this p12 to jks
keytool -v -importkeystore -srckeystore yourcert.p12 -srcstoretype PKCS12 -destkeystore yournewkeystore.jks -deststoretype JKS
You must use the same password for the new jks and the private key = "mypassword"

Import in this keystore, the intermediate and root certs for your server cert. This is required to create a valid wallet.
keytool -import -alias Root -keystore yournewkeystore.jks -trustcacerts -file root.cer
keytool -import -alias Intermediate -keystore yournewkeystore.jks -trustcacerts -file intermediate.cer

Validate all entries are there using keytool -list -keystore yournewkeystore.jks

b/ create an empty wallet
mw_home\oracle_common\bin\orapki wallet create -wallet ./ -pwd "mypassword"

c/ convert the jks to a wallet:
mw_home\oracle_common\bin\orapki wallet jks_to_pkcs12 -wallet ./ -pwd "mypassword" -keystore ./yournewkeystore.jks -jkspwd "mypassword"

Make sure the private key password and the wallet password match = "mypassword"

d/ open the newly created ewallet.p12 with Oracle wallet manager
And in wallet menu, tick "autologin", then save. This creates cwallet.sso along side ewallet.p12

Your wallet is ready to be used by OHS!


I'm trying to install a key and a certificate provided by our hosting provider. Everything seems fine, but on step c I'm facing this problem:

Oracle PKI Tool : Version ...

Exception : No self-signed cert in chain.

Does anyone have a clue? No self-signed certs are used, so the message is correct, but why would orapki want a self-signed certificate?

Posted by Christian on August 26, 2014 at 06:46 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed