Call now: 252-767-6166  
Oracle Training Oracle Support Development Oracle Apps

 
 Home
 E-mail Us
 Oracle Articles
 New Oracle Articles


 Oracle Training
 Oracle Tips
 Oracle Forum
 Class Catalog


 Remote DBA
 Oracle Tuning
 Emergency 911
 RAC Support
 Apps Support
 Analysis
 Design
 Implementation
 Oracle Support


 SQL Tuning
 Security
 Oracle UNIX
 Oracle Linux
 Monitoring
 Remote support
 Remote plans
 Remote services
 Application Server
 Applications
 Oracle Forms
 Oracle Portal
 App Upgrades
 SQL Server
 Oracle Concepts
 Software Support
 Remote Support  
 Development  
 Implementation


 Consulting Staff
 Consulting Prices
 Help Wanted!

 


  Oracle Posters
 Oracle Books
  Oracle Scripts
 Ion
 Excel-DB  

Don Burleson Blog 


 

 

 


 

 
 
 
 

Oracle wallet tips

Oracle Database Tips by Donald BurlesonAugust 13, 2015

Tutorial of the Oracle wallet manager

Oracle Wallets are password-protected containers that are used to store SSL-related:

  • Authentication and signing credentials

  • Private keys

  • Certificates

  • Trusted certificates

The Oracle Wallet Manager is an application that wallet owners use to maintain the security credentials in their Oracle wallets. You use the Oracle Wallet Manager to perform tasks such as:

  • Creating wallets

  • Generating certificate requests

  • Opening wallets to access PKI-based services

  • Save credentials to cryptographic hardware devices, such as smart cards

  • Upload wallets to and download them from an LDAP directory

  • Import third-party PKCS #12-format wallets, and export Oracle wallets to a third-party environment

The Oracle Wallet manager can save credentials to smart cards by using APIs which comply to the Public-Key Cryptography Standards #11 (PKCS #11) specification.

Create the Wallet with the Oracle wallet manager

Navigate to $INST_TOP/certs/Apache directory to create the new wallet.

[applmgr@ebs appl]$ cd $INST_TOP/certs/Apache
[applmgr@ebs Apache]$ pwd
/d01/app/oracle/inst/apps/PROD_ebs/certs/Apache
[applmgr@ebs Apache]$ ls
cwallet.sso ewallet.p12

You should see the demo wallets that Rapid Install created after R12 was installed as shown above. Start the OWM (Oracle Wallet Manager) as shown in the figure example listed below.


Select the option Wallet-> New

It will prompt you with "Your default wallet directory doesn't exist. Do you wish to create it now?" Choose No.


The new wallet screen will now prompt you to enter a password for your wallet.
Enter the password


The new empty wallet is created. We do need to create the new certificate request so choose yes.

Common Name: is the name of your server including the domain.
Organizational Unit: (optional) The unit within your organization.
Organization: is the name of your organization.
Locality/City: is your locality or city.
State/Province: is the full name of your State or Province - do not abbreviate.

Select your Country from the drop down list.

Click OK.

Oracle wallet manager and LDAP

The Oracle Wallet Manager can upload and retrieve wallets them from an LDAP-compliant directory. The use of a centralized LDAP-compliant directory to store wallets allows users access them from multiple locations or devices, thus ensuring consistent and reliable user authentication while providing for centralized wallet management throughout the wallet life cycle. Oracle prevents the accidental over-write of functional wallets by only allowing wallets containing an installed certificate to be uploaded.

The LDAP directory must have the Enterprise user defined and configured prior to use of the Oracle Wallet Manager to upload or download wallets for a user. When a directory contains Oracle8i (or prior) users, they are automatically upgraded to use the wallet upload and download feature on their first use.

Download of a user's wallet from the LDAP directory using the Oracle Wallet Manager is accomplished using a simple password-based connection to the LDAP directory. However, when the wallet contains an SSL Oracle PKI certificate it uses an SSL connection. Password-based authentication is used when an SSL certificate is not present in the wallet.

Uploading a Wallet to an LDAP Directory

When uploading a wallet into an LDAP directory, the Oracle Wallet Manager will use SSL if an SSL certificate is contained in the specified wallet. Otherwise, it lets you upload after entering the directory password.

In order to prevent the accidental destruction of a target wallet, the Oracle Wallet Manager will not allow anyone to execute the upload option unless the target wallet is currently open and it contains at least one user certificate.

To upload a wallet use the following procedure:

  1. Start the Oracle Wallet Manager GUI by specifying the owm command at the command line. In Windows it will be Start>Programs>Oracle_home>Integrated Management Tools>Wallet Manager.
     

  2. From the Wallet Manager Menu Bar choose Wallet > Upload Into The Directory Service. If the currently open wallet has not been saved, a dialog box appears with the following warning: Wallet needs to be saved before uploading. Choose Yes to proceed.
     

  3. Before uploading starts, Wallet certificates are checked for SSL key usage. If at least one certificate has SSL key usage, a dialog box will prompt for the LDAP directory server and the port. You enter the server and port information and click on OK. The Oracle Wallet Manager will then attempt connection to the LDAP directory server using SSL. A message will appear indicating whether the wallet was uploaded successfully or it failed.


 

 
��  
 
 
Oracle Training at Sea
 
 
 
 
oracle dba poster
 

 
Follow us on Twitter 
 
Oracle performance tuning software 
 
Oracle Linux poster
 
 
 

 

Burleson is the American Team

Note: This Oracle documentation was created as a support and Oracle training reference for use by our DBA performance tuning consulting professionals.  Feel free to ask questions on our Oracle forum.

Verify experience! Anyone considering using the services of an Oracle support expert should independently investigate their credentials and experience, and not rely on advertisements and self-proclaimed expertise. All legitimate Oracle experts publish their Oracle qualifications.

Errata?  Oracle technology is changing and we strive to update our BC Oracle support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:  

and include the URL for the page.


                    









Burleson Consulting

The Oracle of Database Support

Oracle Performance Tuning

Remote DBA Services


 

Copyright © 1996 -  2020

All rights reserved by Burleson

Oracle ® is the registered trademark of Oracle Corporation.