My Oracle Support Banner

How To Create A New Wallet and Java Keystore From an Existing Private Key and Server Certificate (11g/12c) (Doc ID 2215283.1)

Last updated on MAY 07, 2019

Applies to:

Oracle Fusion Middleware - Version and later
Oracle HTTP Server - Version and later
Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.


A normal process to begin using SSL on Oracle HTTP Server (OHS) and/or Oracle WebLogic Server (WLS) is to create a Wallet or Keystore, generate a request for a certificate and provide to the Certificate Authority who will give you a certificate. Then import the certificate(s) into the Wallet or Keystore. Tools used to generate a request are orapki for C-based system components (.e.g., OHS) and keytool for Java-based components (e.g., WLS).

In the above use case, if needing both a Wallet and Keystore, (e.g., using both OHS and WLS), one would usually generate a request for one and then convert the keystore to wallet or vice versa.There are various methods to do this depending on your circumstances.

Sometimes generating a new request for an Oracle Wallet or Java Keystore is not feasible because a certificate has already been issued from the Certificate Authority for an existing private/public key pair. The goal of this article is to demonstrate how to create a new Oracle Wallet or Java Keystore from an existing decrypted private key and server certificate that is in base64 format.

Tools needed for this article:


These steps have been tested when using OHS 11g and WLS 10.3.6. These steps should work on all versions with minimal modifications depending on use case and version differences.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.