How To Create A New Wallet and Java Keystore From an Existing Private Key and Server Certificate (11g/12c)
(Doc ID 2215283.1)
Last updated on JANUARY 23, 2018
Applies to:Oracle Fusion Middleware - Version 220.127.116.11.0 and later
Oracle HTTP Server - Version 18.104.22.168.0 and later
Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.
A normal process to begin using SSL on Oracle HTTP Server (OHS) and/or Oracle WebLogic Server (WLS) is to create a Wallet or Keystore, generate a request for a certificate and provide to the Certificate Authority who will give you a certificate. Then import the certificate(s) into the Wallet or Keystore. Tools used to generate a request are orapki for C-based system components (.e.g., OHS) and keytool for Java-based components (e.g., WLS).
In the above use case, if needing both a Wallet and Keystore, (e.g., using both OHS and WLS), one would usually generate a request for one and then convert the keystore to wallet or vice versa.There are various methods to do this depending on your circumstances.
Sometimes generating a new request for an Oracle Wallet or Java Keystore is not feasible because a certificate has already been issued from the Certificate Authority for an existing private/public key pair. The goal of this article is to demonstrate how to create a new Oracle Wallet or Java Keystore from an existing decrypted private key and server certificate that is in base64 format.
Tools needed for this article:
- OpenSSL - Commonly available on most UNIX or Linux operating systems.
- Java Keytool - Provided with Oracle Java
- OraPKI - Provided with Oracle Fusion Middleware and Database products
These steps have been tested when using OHS 11g 22.214.171.124 and WLS 10.3.6. These steps should work on all versions with minimal modifications depending on use case and version differences.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!