How To Create PKCS11 Wallet With Private Key and Certificate Set on External Device (Doc ID 453523.1)

Last updated on OCTOBER 26, 2015

Applies to:

Oracle Security Service - Version 10.1.0.2 to 10.2.0.5 [Release 10.1 to 10.2]
Information in this document applies to any platform.
Checked for relevance on 23-Oct-2013


This note assumes that

1. You are familiar with Oracle, Oracle Wallet Manager, mkwallet and orapki (refer to Oracle Supplied Documentation and Training).

The Luna SA appliance is used as the example in this note. It is therefore assumed that

2. You have installed the Luna SA hardware and software; that is, you have performed the Luna SA setup procedures
(described in the QuickStart Guide or in the Configuration section of this Help) to set up the trust channel
between the appliance and your Oracle client/server machine.

If you are using a smart card on the client side, this document assumes that

3. You already have the user certificate, private key and other necessary certificates on the smart card.
In this case you only need to create a PKCS11 wallet and save the certificate labels appropriately.

Note:
Oracle Advanced Security Network Development has tested with the following HSMs: Luna SA v3.0.1 and nCipher nForce F2 300 PCI (nC3022P-300), and with the following smart cards: AET.


Goal

To create a PKCS11 wallet with the private key and certificate set on an external device (the Luna SA appliance in this case). This PKCS11 wallet can later be
used for Oracle SSL communication between client and server.

Solution
