Free Oracle Tips

HTML Text

Home
E-mail Us
Oracle Articles

Oracle Training
Oracle News
Oracle Forum
Class Catalog

Our Staff
Our Prices
Help Wanted!

Remote DBA
Oracle Tuning
Emergency 911
RAC Support
Apps Support
Analysis
Design
Implementation
Oracle Support

SQL Tuning
Security
UNIX
Oracle UNIX
Linux
Oracle Linux
Monitoring
Remote help
Remote plans
Remote services
Oracle C++
Oracle Java
Apache
JDeveloper
App Server
Applications
Oracle Forms
Oracle Portal
11i Upgrades
SQL Server
Oracle Concepts
HTML-DB Tips
Software Help
Remote Help
Development
Implementation

Financials Training
Oracle 11i
Oracle Apps 11i
Oracle Workflow
Oracle AR 11i Class
Oracle AP 11i class
Oracle GL 11i class
Oracle HR 11i class
Oracle FA 11i class
11i Project Mgt
11i procurement
11i collections

Oracle Posters
Oracle Books
Oracle Tuning Book
Oracle RAC Book
Oracle Security
Easy Oracle Books
Oracle Scripts
SQL Server DBA
SQL Design Patterns
Ion
Excel-DB

BC Oracle News

Rednecks!
Dress code
Arabian Stallion
Burleson Arabians
Guide Horses
Don Burleson Blog
Golf & Travel

Privacy Policy

Oracle wallet manager tips

Oracle Tips by Burleson Consulting
August 13, 2009

Overview of the Oracle wallet manager

Oracle Wallets are password-protected containers that are used to store SSL-related:

Authentication and signing credentials
Private keys
Certificates
Trusted certificates

The Oracle Wallet Manager is an application that wallet owners use to maintain the security credentials in their Oracle wallets. You use the Oracle Wallet Manager to perform tasks such as:

Creating wallets
Generating certificate requests
Opening wallets to access PKI-based services
Save credentials to cryptographic hardware devices, such as smart cards
Upload wallets to and download them from an LDAP directory
Import third-party PKCS #12-format wallets, and export Oracle wallets to a third-party environment

The Oracle Wallet manager can save credentials to smart cards by using APIs which comply to the Public-Key Cryptography Standards #11 (PKCS #11) specification.

Create the Wallet with the Oracle wallet manager

Navigate to $INST_TOP/certs/Apache directory to create the new wallet.

[applmgr@ebs appl]$ cd $INST_TOP/certs/Apache
[applmgr@ebs Apache]$ pwd
/d01/app/oracle/inst/apps/PROD_ebs/certs/Apache
[applmgr@ebs Apache]$ ls
cwallet.sso ewallet.p12

You should see the demo wallets that Rapid Install created after R12 was installed as shown above. Start the OWM (Oracle Wallet Manager) as shown in the figure example listed below.

Select the option Wallet-> New

It will prompt you with “Your default wallet directory doesn't exist. Do you wish to create it now?” Choose No.

The new wallet screen will now prompt you to enter a password for your wallet.
Enter the password

The new empty wallet is created. We do need to create the new certificate request so choose yes.

Common Name: is the name of your server including the domain.
Organizational Unit: (optional) The unit within your organization.
Organization: is the name of your organization.
Locality/City: is your locality or city.
State/Province: is the full name of your State or Province - do not abbreviate.

Select your Country from the drop down list.

Click OK.

Oracle wallet manager and LDAP

The Oracle Wallet Manager can upload and retrieve wallets them from an LDAP-compliant directory. The use of a centralized LDAP-compliant directory to store wallets allows users access them from multiple locations or devices, thus ensuring consistent and reliable user authentication while providing for centralized wallet management throughout the wallet life cycle. Oracle prevents the accidental over-write of functional wallets by only allowing wallets containing an installed certificate to be uploaded.

The LDAP directory must have the Enterprise user defined and configured prior to use of the Oracle Wallet Manager to upload or download wallets for a user. When a directory contains Oracle8i (or prior) users, they are automatically upgraded to use the wallet upload and download feature on their first use.

Download of a user's wallet from the LDAP directory using the Oracle Wallet Manager is accomplished using a simple password-based connection to the LDAP directory. However, when the wallet contains an SSL Oracle PKI certificate it uses an SSL connection. Password-based authentication is used when an SSL certificate is not present in the wallet.

Uploading a Wallet to an LDAP Directory

When uploading a wallet into an LDAP directory, the Oracle Wallet Manager will use SSL if an SSL certificate is contained in the specified wallet. Otherwise, it lets you upload after entering the directory password.

In order to prevent the accidental destruction of a target wallet, the Oracle Wallet Manager will not allow anyone to execute the upload option unless the target wallet is currently open and it contains at least one user certificate.

To upload a wallet use the following procedure:

Start the Oracle Wallet Manager GUI by specifying the owm command at the command line. In Windows it will be Start>Programs>Oracle_home>Integrated Management Tools>Wallet Manager.
From the Wallet Manager Menu Bar choose Wallet > Upload Into The Directory Service. If the currently open wallet has not been saved, a dialog box appears with the following warning: Wallet needs to be saved before uploading. Choose Yes to proceed.
Before uploading starts, Wallet certificates are checked for SSL key usage. If at least one certificate has SSL key usage, a dialog box will prompt for the LDAP directory server and the port. You enter the server and port information and click on OK. The Oracle Wallet Manager will then attempt connection to the LDAP directory server using SSL. A message will appear indicating whether the wallet was uploaded successfully or it failed.

Oracle performance Tuning 10g reference poster

Oracle training & performance tuning books