How To Create A New Wallet and Java Keystore From an Existing Private Key and Server Certificate (11g/12c) (Doc ID 2215283.1)

Last updated on APRIL 08, 2024

Applies to:

Goal

A normal process to begin using SSL on Oracle HTTP Server (OHS) and/or Oracle WebLogic Server (WLS) is to create a Wallet or Keystore, generate a request for a certificate and provide to the Certificate Authority who will give you a certificate. Then import the certificate(s) into the Wallet or Keystore. Tools used to generate a request are orapki for C-based system components (.e.g., OHS) and keytool for Java-based components (e.g., WLS).

In the above use case, if needing both a Wallet and Keystore, (e.g., using both OHS and WLS), one would usually generate a request for one and then convert the keystore to wallet or vice versa.There are various methods to do this depending on your circumstances.

Sometimes generating a new request for an Oracle Wallet or Java Keystore is not feasible because a certificate has already been issued from the Certificate Authority for an existing private/public key pair. The goal of this article is to demonstrate how to create a new Oracle Wallet or Java Keystore from an existing decrypted private key and server certificate that is in base64 format.

Tools needed for this article:

• OpenSSL - Commonly available on most UNIX or Linux operating systems.
• Java Keytool - Provided with Oracle Java
• OraPKI - Provided with Oracle Fusion Middleware and Database products
  

These steps have been tested when using OHS 11g 11.1.1.7 and WLS 10.3.6. These steps should work on all versions with minimal modifications depending on use case and version differences.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.