My Oracle Support Banner

How To Create PKCS11 Wallet With Private Key and Certificate Set on External Device (Doc ID 453523.1)

Last updated on FEBRUARY 01, 2022

Applies to:

Oracle Security Service - Version to [Release 10.1 to 10.2]
Information in this document applies to any platform.

This note assumes that

1. You are familiar with Oracle, Oracle Wallet Manager, mkwallet and orapki (refer to Oracle Supplied Documentation and Training).

The Luna SA appliance is taken for example in this case. Thus, assumes that

2. You have installed the Luna SA hardware and software. That is performed Luna SA setup procedures
(described in the QuickStart Guide or in the Configuration section of this Help) to set up the trust channel
between the appliance and your oracle client/server machine

If you are using smartcard at the client side, then this document assumes that

3. You already have the user certificate, private key and other necessary certificates on the smart card.
Thus, in this case you would only create an pkcs11 wallet and save the certificate labels appropriately

The Oracle Advanced Security Network Development has tested with HSMs - Luna SA v3.0.1, nCipher: nForce F2 300 PCI (nC3022P-300) and SmartCards - AET


To create PKCS11 wallet with private key and certificate set on external device(LunaSA appliance in this case ).   This pkcs11 wallet, later could be
used in the oracle SSL communication between client and server.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.