1 Reply Latest reply on Mar 3, 2017 2:15 PM by Thomas Lassauniere

    Problem creating wallet for OHS from private certificate

    Thomas Lassauniere

      Hi

       

      I'm trying to enable SSL communication in OHS (version 12CR2, 12.2.1.2.0)

      I've got from my SI a file containing server private key, and the trusted chain

       

      Here is the content of the file (aareonfr.pem) (without certificate of course)

       

      -----BEGIN CERTIFICATE-----

      ...

      -----END CERTIFICATE-----

      -----BEGIN RSA PRIVATE KEY-----

      ...

      -----END RSA PRIVATE KEY-----

      -----BEGIN CERTIFICATE-----

      ...

      -----END CERTIFICATE-----

      -----BEGIN CERTIFICATE-----

      ...

      -----END CERTIFICATE-----

       

      So I tried to import it from orapki command doing :

       

      orapki wallet create -wallet d:\oracle\keystore

      orapki wallet add -wallet d:\oracle\keystore -cert D:\oracle\ssl\aareonfr.pem -user_cert

       

      Error is :

      Could not install user cert atD:\oracle\ssl\aareonfr.pem

      Please add all trusted certificates before adding the user certificate

       

      So I tried to add trusted certificate chain (root, and intermediate)

      orapki wallet add -wallet d:\oracle\keystore -cert D:\oracle\ssl\root.pem -trusted_cert

      orapki wallet add -wallet d:\oracle\keystore -cert D:\oracle\ssl\intermediate.pem -trusted_cert

       

      Error is :

      An error occured :

       

      OK I got an error but with NO MESSAGE????

       

      Ok orapki seems to not do this kind of stuff, so I followed another procedure by converting my export chain (PEM) to p12 format using openssl

      openssl pkcs12 -export -in aareonfr.pem -out ewallet.p12

       

      then use orapki to enable auto_login for this wallet

      orapki wallet create -wallet d:\oracle\ssl -auto_login

       

      OK this seems to work,

       

      I can display the content of this wallet :

      orapki wallet display -wallet D:\oracle\ssl

       

      User Certificates:

      Subject:        CN=*.aareon.fr,OU=Gandi Standard Wildcard SSL,OU=Domain Control Validated

      Trusted Certificates:

      Subject:        CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

      Subject:        CN=Gandi Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR

       

      So I changed my SSL configuration to use this wallet (SSLWallet), and during OHS startup, I got this error message :

       

      OHS:2052 server ****:4443 has an invalid wallet: file:D:\\oracle\\ssl

      OHS:2171 NZ Library Error: Unknown error

       

      So another Unknown Error :

       

      Please could someone help me ?

      Regards

      Thomas

        • 1. Re: Problem creating wallet for OHS from private certificate
          Thomas Lassauniere

          OK, I found a solution

           

          1/ convert PEM file to P12 certificate

          openssl pkcs12 -export -in cert_chain_with_private_key.pem -out keystore.p12

           

          2/ create a new oracle wallet

          orapki wallet create -wallet wallet_path

           

          3/ import P12 into wallet

          orapki wallet import_pkcs12 -wallet wallet_path -pkcs12file keystore.p12

           

          4/ enable auto login

          orapki wallet create -wallet wallet_path -auto_login -with_trust_flags -compat_v12

           

          5/ Configure SSL to use this wallet

          SSLWallet "wallet_path"

           

          6/ Restart OHS

           

          And miraculously it works \o/
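
An added example, not part of the original thread: the PEM file in the question holds the server certificate, the RSA private key and the CA certificates in one bundle. This Python script splits such a bundle into separate key, server-certificate and chain files and checks that exactly one private key is present before a wallet is built from it. The function names, output file names and the rule that the first certificate is the server certificate are assumptions.

```python
import os
import re

# One PEM block; the END label must repeat the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL)

# Constructed sample in the same block order as the bundle in the post;
# the bodies are placeholders, not real key or certificate data.
SAMPLE = "\n".join(
    f"-----BEGIN {label}-----\nplaceholder-{name}\n-----END {label}-----"
    for label, name in [("CERTIFICATE", "server"), ("RSA PRIVATE KEY", "key"),
                        ("CERTIFICATE", "intermediate"), ("CERTIFICATE", "root")]
) + "\n"

def split_bundle(text):
    """Return [(label, pem_text), ...] in file order."""
    return [(m.group(1), m.group(0) + "\n") for m in PEM_BLOCK.finditer(text)]

def classify(blocks):
    """Separate the private key, the server certificate and the CA chain.

    Assumption: the first CERTIFICATE block is the server (user) certificate.
    """
    keys = [pem for label, pem in blocks if label.endswith("PRIVATE KEY")]
    certs = [pem for label, pem in blocks if label == "CERTIFICATE"]
    if len(keys) != 1:
        raise ValueError(f"expected exactly one private key, found {len(keys)}")
    if not certs:
        raise ValueError("bundle contains no certificate")
    return {"key": keys[0], "server": certs[0], "chain": certs[1:]}

def write_parts(parts, outdir):
    """Write key.pem (owner-only where mode bits are honoured), server.pem, chain.pem."""
    os.makedirs(outdir, exist_ok=True)
    files = {"key.pem": parts["key"], "server.pem": parts["server"],
             "chain.pem": "".join(parts["chain"])}
    for name, body in files.items():
        mode = 0o600 if name == "key.pem" else 0o644
        fd = os.open(os.path.join(outdir, name),
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(body)
    return sorted(files)

if __name__ == "__main__":
    parts = classify(split_bundle(SAMPLE))
    print("chain certificates:", len(parts["chain"]))
```

With the pieces separated, the PKCS#12 export can name each input explicitly: `openssl pkcs12 -export -in server.pem -inkey key.pem -certfile chain.pem -out keystore.p12`.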