The Oracle wallet is a secure place to keep keys and certificates. It is part of PKI (Public Key Infrastructure). There are several ways to manage Oracle wallets; one of them is the orapki utility. In this note, I will show you some practical examples of using orapki. The other tools that can be used for managing wallets are the owm GUI tool and the mkstore command. These tools will be the subject of another note.
I will explain the orapki utility with an example. Imagine that you want to call an https website from PL/SQL procedures in an Oracle database (although I never advise reaching https services from Oracle databases, in some cases it is required), and the service provider has sent you its certificates.
The First Step: Create the Oracle Wallet
orapki wallet create -wallet /home1/oracle/wallet -pwd passwd123 -auto_login
This command creates a wallet in the /home1/oracle/wallet directory with the password passwd123. You should send the wallet location and password to the developers, because they will use these parameters in the UTL_HTTP package.
After this command, two files (which together are the wallet) are created in the wallet location.
-rw------- 1 oracle dba 6800 Nov 23 15:42 ewallet.p12
-rw------- 1 oracle dba 6877 Nov 23 15:42 cwallet.sso
The Second Step: Add Certificates
Now put the certificates sent by the service provider into the wallet location and add them to the wallet with the commands below. Add the root certificate first.
orapki wallet add -wallet /home1/oracle/wallet -trusted_cert -cert "root.cer" -pwd passwd123
orapki wallet add -wallet /home1/oracle/wallet -trusted_cert -cert "app.cer" -pwd passwd123
root.cer and app.cer are the file names of the certificates.
If you get the messages below after adding a certificate, the operation was successful.
Oracle PKI Tool : Version 18.104.22.168.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
The Third Step: Check the Oracle Wallet
orapki wallet display -wallet /home1/oracle/wallet
With this command, you can see all the certificates that are in the wallet.
The Fourth Step: Check the https service
Now you can write a small piece of PL/SQL code to check your wallet. The code below opens your wallet by giving the wallet location and its password, and then makes a request to the web service using the wallet. If you get 200 from this code, you are successful.
set serveroutput on
-- Fragment: runs inside a PL/SQL block that declares lo_req (UTL_HTTP.req) and
-- lo_resp (UTL_HTTP.resp) and has already called UTL_HTTP.set_wallet.
lo_req := UTL_HTTP.begin_request('https://webservice.asmx');
lo_resp := UTL_HTTP.get_response(lo_req);
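A complete version of the check described above, as an added example that is not the author's original code. It assumes the wallet directory and password from the first step, keeps the note's placeholder URL, and assumes the database user is already allowed to make outbound network connections to that host.

```sql
SET SERVEROUTPUT ON
DECLARE
  -- Assumed values: wallet directory and password come from the orapki steps
  -- in this note; the URL is the note's placeholder for the real endpoint.
  c_wallet_path CONSTANT VARCHAR2(200) := 'file:/home1/oracle/wallet';
  c_wallet_pwd  CONSTANT VARCHAR2(100) := 'passwd123';
  c_url         CONSTANT VARCHAR2(500) := 'https://webservice.asmx';
  lo_req   UTL_HTTP.req;
  lo_resp  UTL_HTTP.resp;
BEGIN
  -- Point UTL_HTTP at the wallet that holds the trusted certificates.
  -- Because the wallet was created with -auto_login (cwallet.sso), the
  -- password argument may be NULL, which keeps it out of the source code.
  UTL_HTTP.set_wallet(c_wallet_path, c_wallet_pwd);

  lo_req  := UTL_HTTP.begin_request(c_url);
  lo_resp := UTL_HTTP.get_response(lo_req);

  -- 200 means the TLS handshake and the HTTP request both succeeded.
  DBMS_OUTPUT.put_line('HTTP status: ' || lo_resp.status_code
                       || ' ' || lo_resp.reason_phrase);

  -- Always close the response so the connection is released.
  UTL_HTTP.end_response(lo_resp);
EXCEPTION
  WHEN OTHERS THEN
    -- ORA-29024 (certificate validation failure) at this point usually means
    -- a certificate in the server's chain is missing from the wallet.
    DBMS_OUTPUT.put_line('Request failed: ' || SQLERRM);
    DBMS_OUTPUT.put_line(UTL_HTTP.get_detailed_sqlerrm);
    RAISE;
END;
/
```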
Thanks for reading this note.
Y. Anıl Akduygu