How to Create a Keystore Based on the Content of an Oracle Wallet in Application Server 10g (Doc ID 436122.1)

Last updated on NOVEMBER 13, 2023

Applies to:

Goal

There are two SSL Setups described:
1. Setting up SSL for the HTTP Server
2. Setting up SSL with OC4J

The problem is how do you use the same certificates for both HTTP Server which uses Wallet Manager and OC4J which uses Java Keytool?

In Oracle Application Server 10g there is not a "direct" way to do this. See <Note 818274.1> - Can an Oracle Wallet be Converted to a Java Keystore?

The current JDK version 1.4.x does not provide the right tools to convert a p12 format file (Wallet File) to a keystore format file which is needed for setting up SSL with OC4J. The keytool itself is not able to import the signed certificate if the private key and request has not been generated using the keytool itself. So, even if you have the private key, the certificate and the root certificate, these can't be imported right away in the keystore.

Wallet manager handles the certificates using the p12 format. Wallet manager also allows you to export the whole wallet which will include the Private Keys, Certificate Requests, Certificate and root ca certificates. The problem again is that keytool does not have the option to import the private keys and without the private keys you won't be able to import the signed certificates.

In this document it is described an alternative way to do this in Oracle Application Server 10g.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.