Oracle Notes - How To Build an Oracle Wallet with OpenSSL

DISCLAIMER: The information and links provided on this site are my personal notes, based on my limited experience installing, using, and deinstalling Oracle databases and application servers on a variety of computers using Windows NT/2000/XP operating systems. The installation and deinstallation procedures found here can cause irreversable loss of data and may damage your operating system. However, you are welcome to use them AT YOUR OWN RISK. I am in no way responsible for data you lose or operating systems you damage or destroy.

Introduction

This how-to provides abbreviated instructions for creating an oracle wallet with self-signed root and server certificates. This wallet can be used to test SSL connections to OracleAS 10g (9.0.4) application server Web Caches and other components.

NOTE: The scripts contained in ssl.ca-0.1.tar.gz are UNIX shell scripts. I do not know if Windows versions are available or not. Although my OracleAS 10g installation was on a Windows machine, I used a FreeBSD 4.11 server with the openSSL port installed to run the scripts and create the self-signed certificate authority root and server certificates.

Required Components

• Oracle Wallet Manager
• OpenSSL
• ssl.ca-0.1.tar.gz

Steps

1. Open Oracle Wallet Manager and create a new wallet and certificate request.
2. Export the certificate request to a file. Give it a .csr extension
3. Move the certificate request to the directory containing the openSSL certificate authority scripts (e.g. /usr/src/crytpo/openssl/apps/ssl.ca-0.1)
4. Create a self-signed root certificate by running the new-root-ca.sh script. This will create a file called ca.crt
5. Create the self-signed server certificate by running the sign-server-cert.sh script, e.g. # sign-server-cert.sh <certificate-request-filename>. This will create a file called <certificate-request-filename>.crt
6. Import the ca.crt into the Oracle wallet as a trusted certificate. Import the <certificate-request-filename>.crt as a user certificate.
7. Enable auto-login and save the wallet. It is now ready for use.

References

1. README file included with ssl.ca-0.1.tar.gz
2. Metacircle - Oracle Wallet Manager

[Return to HowTos]

HowTos
Oracle Notes Home