"Some Trusted Certificates Could Not be Installed" - Unable to Import Trusted Certificate into Oracle Wallet
Last updated on JUNE 14, 2016
Applies to:
Oracle Fusion Middleware - Version 10.1.2.0.0 to 10.1.4.3.0 [Release AS10gR2 to AS10gR3]Oracle HTTP Server - Version 10.1.2.0.0 to 10.1.3.5.0 [Release AS10gR2 to AS10gR3]
Oracle Security Service - Version 10.1.0.4 to 10.2.0.5 [Release 10.1 to 10.2]
Information in this document applies to any platform.
Oracle Application Server 10g Release 3 - Version: 10.1.2.0.0 to 10.1.3.5.0
Oracle Identity Management 10g Release 3 - Version: 10.1.4.0.1 to 10.1.4.3.0
***Checked for relevance on 14-Jan-2015***
Symptoms
There is an issue importing a trusted CA(Certificate Authority) certificate in to Oracle Wallet using OWM (Oracle Wallet Manager), ssl2ossl, or orapki command line utilities. The errors seen as follows:
Some trusted certificate could not be installed.
or
Couldn't generate valid wallet, error = 28750!
Investigation of this issue reveals the following points:
1. This is seen on all OWM versions from the following Oracle products:
- Oracle Application Server 10.1.2.0.2 (OWM 10.1.0.4.0)
- Oracle Application Server 10.1.2.2.0, 10.1.3.x (OWM 10.1.0.5.0)
- Oracle Database 10.2.0.4 (OWM 10.2.0.4.0).
2. OWM from Oracle Database 11g is able to successfully import this certificate.
3. orapki displays certificate successfully, however it fails while importing the certificate into wallet.
4. openssl is able to view the certificate.
5. mkwallet fails to display the certificate as in following example:
$ $ORACLE_HOME/bin/mkwallet -q ./AC_Certisign_G3_64.cer
Oracle Wallet Commandline Tool for Linux: Version 9.0.0.0.0 - Production on 03-DEC-2008 10:51:49
Copyright (c) 1999 Oracle. All rights reserved.
Failed to retrieve certificate
Cause
Sign In with your My Oracle Support account |
|
Don't have a My Oracle Support account? Click to get started |
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms