How to Create a Keystore Based on the Content of an Oracle Wallet in Application Server 10g
(Doc ID 436122.1)
Last updated on JANUARY 24, 2017
Applies to:Oracle HTTP Server - Version 10.1.2.0.2 to 10.1.3.5.0 [Release AS10gR2 to AS10gR3]
Oracle Containers for J2EE - Version 10.1.2.0.2 to 10.1.3.5.0 [Release AS10gR2 to AS10gR3]
Information in this document applies to any platform.
There are two SSL Setups described:
1. Setting up SSL for the HTTP Server
2. Setting up SSL with OC4J
The problem is how do you use the same certificates for both HTTP Server which uses Wallet Manager and OC4J which uses Java Keytool?
In Oracle Application Server 10g there is not a "direct" way to do this. See <Note 818274.1> - Can an Oracle Wallet be Converted to a Java Keystore?
The current JDK version 1.4.x does not provide the right tools to convert a p12 format file (Wallet File) to a keystore format file which is needed for setting up SSL with OC4J. The keytool itself is not able to import the signed certificate if the private key and request has not been generated using the keytool itself. So, even if you have the private key, the certificate and the root certificate, these can't be imported right away in the keystore.
Wallet manager handles the certificates using the p12 format. Wallet manager also allows you to export the whole wallet which will include the Private Keys, Certificate Requests, Certificate and root ca certificates. The problem again is that keytool does not have the option to import the private keys and without the private keys you won't be able to import the signed certificates.
In this document it is described an alternative way to do this in Oracle Application Server 10g.
Oracle Fusion Middleware Administrator's Guide 11g Release 1 (11.1.1)
H Oracle Wallet Manager and orapki
H.1.6 Converting Between Oracle Wallet and JKS Keystore
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!