The warning you see is because our certificate is self signed, or the hostname does not match. You will need to tell us what the warnings are to determine what you need to change to make them go away, but for one, you need CA signed certifcates rather than self signed certificates if you want no warnings and the CN entry on the certificate needs to match the host name of the URL that you are using to access your service.
Thanks for the update
If I create new wallet request with proper name(as per the access link) and create and import self signed certificate. Will it remove the certificate warning?
It depends on what the actual warning is. Without you telling us what the warning is, we can only guess what it is.
Screen one shows clearly the reasons for the warning:
The security certificate presented by this website was issued for a different website's address.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website has expired or is not yet valid.
So if you get a CA signed certificate with the CN matching the website's URL host and domain, then the warning will go away. This needs to be CA signed, not self signed, unless your CA's certificate is imported into each and every browser accessing your site which is possible if its a company intranet, but not if its on the internet.
I have created new wallet and copied the wallet files in
d:\oracle\UAT\inst\apps\TEST_test\certs/Apache and d:\oracle\UAT\inst\apps\TEST_test\certs/opmn
Apache is not starting and failing with below error:
--> Process (index=1,uid=565,pid=34924)
failed to start a managed process after the maximum retry limit
WARNING: StartServers has no effect on Win32
[Wed Jul 26 12:33:19 2017] [notice] User directive has no affect on Win32
[Wed Jul 26 12:33:19 2017] [warn] pid file D:/oracle/uat/inst/apps/TEST_test/pids/10.1.3/apache/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Wed Jul 26 12:33:19 2017] [error] mod_ossl: Init: SSL call to NZ function nzos_OpenWallet failed with error 28759 (Server test.test:4450, wallet file:d:\\oracle\\TEST\\inst\\apps\\TEST_test\\certs/Apache)
[Wed Jul 26 12:33:19 2017] [error] mod_ossl: Failed to open the wallet [Hint: incorrect path, incorrect password, bad wallet, ...]
Error: Failed to open the wallet [Hint: incorrect path, incorrect password, bad wallet, ...] (Server test.test:4450, wallet file:d:\oracle\UAT\inst\apps\TEST
I used password welcome1 while creating wallet. anywhere do I need to change this password?
Did you create an auto wallet? mod_ossl expects you to use an auto wallet so no password is prompted for. Alternatively, you could also use
SSLWalletPassword to explicitly specify the password, but this directive is deprecated.
Used below command:
orapki wallet create -wallet $INST_TOP/certs/Apache -auto_login -> it prompt for password
orapki wallet add \
-wallet . \
-dn "CN=mymachine.us.oracle.com,OU=ATG Specialty,O=Support,L=Denver,ST=Colorado,C=US"
-keysize 2048 \
How I can fix this issue and how I can create wallet without password. don't know existing wallet password
Did you actually add a certificate into your wallet? Your orapki command does not specify a -cert option.
Make sure you actually have a certificate in the wallet by listing what is currently in the wallet:
orapki wallet display -wallet $INST_TOP/certs/Apache
Then once you verified it is there, run the following to generate an auto wallet for your wallet:
orapki wallet create -wallet $INST_TOP/certs/Apache -pwd welcome1 -auto_login
To double check, your wallet is the ewallet.p12 file and the auto wallet is the cwallet.sso file.
verified the wallet and i can see certificate is there. I can see ewallet.p12 file and the auto wallet is the cwallet.sso file is in Apache directory.
executed autologin steps again and started services. still same. I think I am missing some steps, like copy this files to any location/ password mismtch with any exiting files