2 Replies Latest reply on Dec 9, 2019 7:10 PM by user12047668

    Problem creating wallet for OHS from private certificate

    Thomas Lassauniere



      I'm trying to enable SSL communication in OHS (version 12CR2,

      I got from my SI a file containing the server private key and the trusted chain


      Here is the content of the file (aareonfr.pem) (without certificate of course)


      -----BEGIN CERTIFICATE-----


      -----END CERTIFICATE-----

      -----BEGIN RSA PRIVATE KEY-----


      -----END RSA PRIVATE KEY-----

      -----BEGIN CERTIFICATE-----


      -----END CERTIFICATE-----

      -----BEGIN CERTIFICATE-----


      -----END CERTIFICATE-----


      So I tried to import it from orapki command doing :


      orapki wallet create -wallet d:\oracle\keystore

      orapki wallet add -wallet d:\oracle\keystore -cert D:\oracle\ssl\aareonfr.pem -user_cert


      Error is :

      Could not install user cert atD:\oracle\ssl\aareonfr.pem

      Please add all trusted certificates before adding the user certificate


      So I tried to add the trusted certificate chain (root and intermediate)

      orapki wallet add -wallet d:\oracle\keystore -cert D:\oracle\ssl\root.pem -trusted_cert

      orapki wallet add -wallet d:\oracle\keystore -cert D:\oracle\ssl\intermediate.pem -trusted_cert


      Error is :

      An error occured :


      OK I got an error but with NO MESSAGE????


      Ok, orapki seems to not do this kind of stuff, so I followed another procedure by converting my export chain (PEM) to p12 format using openssl

      openssl pkcs12 -export -in aareonfr.pem -out ewallet.p12


      then use orapki to enable auto_login for this wallet

      orapki wallet create -wallet d:\oracle\ssl -auto_login


      OK this seems to work,


      I can display the content of this wallet :

      orapki wallet display -wallet D:\oracle\ssl


      User Certificates:

      Subject:        CN=*.aareon.fr,OU=Gandi Standard Wildcard SSL,OU=Domain Control Validated

      Trusted Certificates:

      Subject:        CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

      Subject:        CN=Gandi Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR


      So I changed my SSL configuration to use this wallet (SSLWallet), and during OHS startup, I got this error message :


      OHS:2052 server ****:4443 has an invalid wallet: file:D:\\oracle\\ssl

      OHS:2171 NZ Library Error: Unknown error


      So another Unknown Error :


      Please could someone help me ?
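
The file layout shown in the post (a certificate, an RSA private key, then two more certificates in one PEM file), as an added example that is not part of the original post: a Python sketch that splits such a bundle into its individual blocks so each certificate and the key can be inspected or written out separately. The function names are hypothetical and the sample bytes are constructed placeholders, not real certificates or key material.

```python
import base64
import re

# Matches one PEM block; the BEGIN and END labels must be identical (RFC 7468).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

def split_pem_bundle(text):
    """Return a list of (label, der_bytes) tuples in file order."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        # validate=True rejects stray characters instead of silently skipping them
        der = base64.b64decode("".join(body.split()), validate=True)
        blocks.append((label, der))
    # A BEGIN line that never matched means a truncated or mislabelled block.
    if len(blocks) != text.count("-----BEGIN "):
        raise ValueError("unterminated or mismatched PEM block")
    return blocks

def classify(blocks):
    """Separate certificates from private keys, keeping certificate order."""
    certs = [der for label, der in blocks if label == "CERTIFICATE"]
    keys = [label for label, _ in blocks if label.endswith("PRIVATE KEY")]
    return certs, keys

def to_pem(label, der):
    """Re-encode one block as a stand-alone PEM string with 64-column lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"

# Constructed sample with the same block order as the file in the post.
# The payloads are placeholder bytes, NOT real certificates or keys.
SAMPLE = (
    to_pem("CERTIFICATE", b"cert-1-placeholder")
    + to_pem("RSA PRIVATE KEY", b"key-placeholder")
    + to_pem("CERTIFICATE", b"cert-2-placeholder")
    + to_pem("CERTIFICATE", b"cert-3-placeholder")
)

if __name__ == "__main__":
    for index, (label, der) in enumerate(split_pem_bundle(SAMPLE)):
        print(index, label, len(der), "bytes")
```
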