The complete certificate chain of the secured web service you are calling from Oracle, needs to be in the local Oracle wallet.
The default certificate format you need to load as file, or copy and paste as text, into the Oracle wallet, is the PEM format.
You can use your browser (Firefox/Chrome) to access the secured web service (use WSDL URL). And accept the certificates into your browser's wallet. You can then view the certificate chain of that secured site in the browser, and export the site certificate and any root certificates. The export format is by default PEM. You can then load these into your Oracle wallet via the OWM GUI, or via the command line, e.g.
orapki wallet add -wallet <wallet_dir> -trusted_cert -cert <certificate.pem> -pwd <wallet_password>
Thanks Billy!! I tried adding certificate as you have mentioned. I was able to add the trusted certificate. However, for user cert which is a p12 file , I am unable to add it and its throwing error stating:
PKI-04001: Invalid Certificate.
Could not install user cert at <LOCATION>/xxxxxxxx.p12
Please add all trusted certificates before adding the user certificate
Can orapki handle *.p12 certificate.
Any pointers will be much appreciated.
The error seems to be with the certificate chain - trusted certificates need to be loaded prior to user certificates.
A certificate like the one used for this Oracle community web site, is signed by GeoTrust Inc. If you do not have the GeoTrust (root authority) certificate in your wallet, you cannot trust this web site's certificate. (click on the https icon in the address bar in your browser to see)
So my guess is that your wallet cannot accept the user certificate as it was signed by an unknown party - i.e. you do not have a trusted certificate for the organisation that signed the user certificate.
It is important to import the complete chain of certificates in your wallet.