10 Replies Latest reply on Jul 5, 2011 4:48 AM by 873214

    Can't install ssl certificate with orapki

    716107
      Hi!

      I've been having issues with the oracle wallet manager so was advised by oracle support to use orapki instead.

      As the oracle user I did generated the certificate request in the following mannger:
      orapki wallet create -wallet $ORACLE_HOME/wallet -pwd <<mypassword>>
      orapki wallet add -dn <<mydn>> -keysize 1024 -wallet $ORACLE_HOME/wallet
      orapki wallet export -wallet $ORACLE_HOME/wallet -dn <<mydn>> -request $ORACLE_HOME/wallet/newcrt.req

      and then sent newcrt.req to the issuing authority.

      They gave me four files in return:
      mycertificate.crt
      IPSServidores.cer
      IPSCACLASEA1.cer
      IPS-IPSCABUNDLE.cer (a bundle of the above 2 together)

      I renamed the .cer files to be .crt files.

      I then attempted the following (to add a trusted certificate):
      orapki wallet add -wallet $ORACLE_HOME/wallet/ -trusted_cert -cert $ORACLE_HOME/wallet/IPSServidores.crt

      I was asked for my password, which I typed in and then was confronted with the message:
      Unable to load wallet at /opt/oracle/product/10.1.3.1/OracleAS_1/wallet/

      Googling around led me to think that I had the password wrong, but this is almost impossible as I typed the commands into a txt file that I saved and just copied them into the command prompt so the line that I created the password on is still available for view.

      What else could possibly be wrong? Thanks!!!
        • 1. Re: Can't install ssl certificate with orapki
          716107
          Note that the following:
          orapki wallet display -wallet $ORACLE_HOME/wallet

          also produces the same error message.
          • 2. Re: Can't install ssl certificate with orapki
            716107
            Ok, I've made some progress.
            I modified the permissions of the wallet and the certificate as the root user but now am receiving the following error after putting in my password to add the certificate:
            Unknown error occurred:

            The wallet now appears to display ok.
            • 3. Re: Can't install ssl certificate with orapki
              716107
              Okay, I have moved past the initial issue by creating a new wallet in a separate folder to the certificates on its own. I have been able to add the trusted certificates without issue but I cannot add the user certificate.
              The message I get is:
              "Please add all trusted certificates before adding the user certificate".
              When I do a orapki wallet display I can see all the trusted certificates listed so I'm not sure why this is happening.
              • 4. Re: Can't install ssl certificate with orapki
                Chris Hollies
                Hi, I am having exactly this problem -

                Could not install user cert atserver.crt
                Please add all trusted certificates before adding the user certificate


                and I also have the trusted certificate. Did you ever find a solution?
                • 5. Re: Can't install ssl certificate with orapki
                  665725
                  Hi,

                  I too am facing the same problem.

                  Could not install user cert atclientnew.pfx
                  Please add all trusted certificates before adding the user certificate

                  When i check the list of trusted certificates, I see all the relevant certificates present. Tried different options but did not work.


                  Please help. Urgent!

                  MJ
                  • 6. Re: Can't install ssl certificate with orapki
                    Fabian
                    hi Marius
                    I guess ur following the below steps properly

                    The installation consists of three main parts:

                    a) Importing the Primary Root CA
                    b) Import the Intermediate Certificate and Cross Certificate
                    c) Installing your SSL123 certificate

                    a) Importing the Primary Root CA

                    1. Launch Oracle Wallet Manager.
                    2. Click Operations and select Import Trust Certificates from the menu
                    3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
                    4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of Primary Root CA text into the box and click OK.
                    5. A message should appear that the import was successful and you will see the Root Certificate at the bottom of the Trusted Certificates tree.

                    b) Importing the Intermediate and Cross certificates

                    1. Launch the Oracle Wallet Manager.
                    2. Click Operations > Import Trust Certificates from the menu.
                    3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
                    4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of the Intermediate Certificate text into the box and click OK.
                    5. A message should appear that the import was successful and you will see the Intermediate Certificate at the bottom of the Trusted Certificates tree.
                    6. Repeat the same steps for the Cross certificate

                    c) Importing your SSL123 certificate

                    1. Click Operations > Import User Certificate from the menu bar.
                    2. The Import Certificate dialog appears.
                    3. Select the Paste the Certificate radio button, and click OK.
                    4. The Import Certificate dialog appears.
                    5. Paste the entire contents of your SSL123 Certificate file and click OK.
                    6. A message should show that the certificate was imported successfully.
                    7. When you return to the main window, wallet status should show "Ready."

                    Regards
                    Fabian
                    • 7. Re: Can't install ssl certificate with orapki
                      665725
                      HI Fabian,

                      Thanks for the reply. I am doing the same but through orapki.

                      1. Installed the primary root CA.
                      2. Installed intermediate certificates.
                      3. Checked that all the dependent certificates are correctly added. Then tried to add the user certificate and got this error. Am i missing something here.

                      Please suggest.

                      MJ
                      • 8. Re: Can't install ssl certificate with orapki
                        873214
                        Hi all,

                        Please refer to http://www.art2dec.com/documentation/docs/fmw11g1114documentation/core.1111/e10105/walletmgr.htm#CJGFJFEF and do all examples on H.1.1 orapki Usage Examples part. You will create successfully, I tried on doing and got the success result. Hope you to have what you want.

                        Thanks

                        Here are a few examples of using orapki:

                        # Create root wallet (for example, CA wallet)
                        orapki wallet create -wallet ./root -pwd mypasswd

                        # Add a self-signed certificate (CA certificate) to the root wallet
                        orapki wallet add -wallet ./root -dn 'CN=root_test,C=US' -keysize 1024 -self_signed -validity 3650 -pwd mypasswd

                        # Export self-signed certificate from the wallet
                        orapki wallet export -wallet ./root -dn 'CN=root_test,C=US' -cert ./root/b64certificate.txt -pwd mypasswd

                        # Create a user wallet (for example, a customer wallet)
                        orapki wallet create -wallet ./user -pwd mypasswd

                        # Add a certificate request
                        orapki wallet add -wallet ./user -dn 'CN=user_test,C=US' -keysize 1024 -pwd mypasswd

                        # Export the certificate request
                        orapki wallet export -wallet ./user -dn 'CN=user_test,C=US' -request ./user/creq.txt -pwd mypasswd

                        # Create a certificate (issued by CA)
                        orapki cert create -wallet ./root -request ./user/creq.txt -cert ./user/cert.txt -validity 3650 -pwd mypasswd

                        # Add a trusted certificate (CA certificate) to the wallet
                        orapki wallet add -wallet ./user -trusted_cert -cert ./root/b64certificate.txt -pwd mypasswd

                        # Add a user certificate
                        orapki wallet add -wallet ./user -user_cert -cert ./user/cert.txt -pwd mypasswd

                        # Display contents of wallet
                        orapki wallet display -wallet ./root -pwd mypasswd
                        • 9. Re: Can't install ssl certificate with orapki
                          873214
                          Hi all,

                          Please refer to http://www.art2dec.com/documentation/docs/fmw11g1114documentation/core.1111/e10105/walletmgr.htm#CJGFJFEF and do all examples on H.1.1 orapki Usage Examples part. You will create successfully, I tried on doing and got the success result. Hope you to have what you want.

                          Thanks

                          Here are a few examples of using orapki:

                          # Create root wallet (for example, CA wallet)
                          orapki wallet create -wallet ./root -pwd mypasswd

                          # Add a self-signed certificate (CA certificate) to the root wallet
                          orapki wallet add -wallet ./root -dn 'CN=root_test,C=US' -keysize 1024 -self_signed -validity 3650 -pwd mypasswd

                          # Export self-signed certificate from the wallet
                          orapki wallet export -wallet ./root -dn 'CN=root_test,C=US' -cert ./root/b64certificate.txt -pwd mypasswd

                          # Create a user wallet (for example, a customer wallet)
                          orapki wallet create -wallet ./user -pwd mypasswd

                          # Add a certificate request
                          orapki wallet add -wallet ./user -dn 'CN=user_test,C=US' -keysize 1024 -pwd mypasswd

                          # Export the certificate request
                          orapki wallet export -wallet ./user -dn 'CN=user_test,C=US' -request ./user/creq.txt -pwd mypasswd

                          # Create a certificate (issued by CA)
                          orapki cert create -wallet ./root -request ./user/creq.txt -cert ./user/cert.txt -validity 3650 -pwd mypasswd

                          # Add a trusted certificate (CA certificate) to the wallet
                          orapki wallet add -wallet ./user -trusted_cert -cert ./root/b64certificate.txt -pwd mypasswd

                          # Add a user certificate
                          orapki wallet add -wallet ./user -user_cert -cert ./user/cert.txt -pwd mypasswd

                          # Display contents of wallet
                          orapki wallet display -wallet ./root -pwd mypasswd
                          • 10. Re: Can't install ssl certificate with orapki
                            873214
                            Hi all,

                            Please refer to http://www.art2dec.com/documentation/docs/fmw11g1114documentation/core.1111/e10105/walletmgr.htm#CJGFJFEF and do all examples on H.1.1 orapki Usage Examples part. You will create successfully, I tried on doing and got the success result. Hope you to have what you want.

                            Thanks

                            Here are a few examples of using orapki:

                            # Create root wallet (for example, CA wallet)
                            orapki wallet create -wallet ./root -pwd mypasswd

                            # Add a self-signed certificate (CA certificate) to the root wallet
                            orapki wallet add -wallet ./root -dn 'CN=root_test,C=US' -keysize 1024 -self_signed -validity 3650 -pwd mypasswd

                            # Export self-signed certificate from the wallet
                            orapki wallet export -wallet ./root -dn 'CN=root_test,C=US' -cert ./root/b64certificate.txt -pwd mypasswd

                            # Create a user wallet (for example, a customer wallet)
                            orapki wallet create -wallet ./user -pwd mypasswd

                            # Add a certificate request
                            orapki wallet add -wallet ./user -dn 'CN=user_test,C=US' -keysize 1024 -pwd mypasswd

                            # Export the certificate request
                            orapki wallet export -wallet ./user -dn 'CN=user_test,C=US' -request ./user/creq.txt -pwd mypasswd

                            # Create a certificate (issued by CA)
                            orapki cert create -wallet ./root -request ./user/creq.txt -cert ./user/cert.txt -validity 3650 -pwd mypasswd

                            # Add a trusted certificate (CA certificate) to the wallet
                            orapki wallet add -wallet ./user -trusted_cert -cert ./root/b64certificate.txt -pwd mypasswd

                            # Add a user certificate
                            orapki wallet add -wallet ./user -user_cert -cert ./user/cert.txt -pwd mypasswd

                            # Display contents of wallet
                            orapki wallet display -wallet ./root -pwd mypasswd