How To Create PKCS11 Wallet With Private Key and Certificate Set on External Device
(Doc ID 453523.1)
Last updated on OCTOBER 26, 2015
Applies to:Oracle Security Service - Version 10.1.0.2 to 10.2.0.5 [Release 10.1 to 10.2]
Information in this document applies to any platform.
Checked for relevance on 23-Oct-2013
This note assumes that
1. You are familiar with Oracle, Oracle Wallet Manager, mkwallet and orapki (refer to Oracle Supplied Documentation and Training).
The Luna SA appliance is taken for example in this case. Thus, assumes that
2. You have installed the Luna SA hardware and software. That is performed Luna SA setup procedures
(described in the QuickStart Guide or in the Configuration section of this Help) to set up the trust channel
between the appliance and your oracle client/server machine
If you are using smartcard at the client side, then this document assumes that
3. You already have the user certificate, private key and other necessary certificates on the smart card.
Thus, in this case you would only create an pkcs11 wallet and save the certificate labels appropriately
The Oracle Advanced Security Network Development has tested with HSMs - Luna SA v3.0.1, nCipher: nForce F2 300 PCI (nC3022P-300) and SmartCards - AET
To create PKCS11 wallet with private key and certificate set on external device(LunaSA appliance in this case ). This pkcs11 wallet, later could be
used in the oracle SSL communication between client and server.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document