Orapki Utility to Manage Oracle Wallets 

The Oracle wallet is a secure place to keep keys and certificates. It is part of PKI (Public Key Infrastructure). There are many ways to manage Oracle wallets, and one of them is the orapki utility. In this note, I will show you some practical examples of using orapki. The other methods for managing wallets are the owm GUI tool and the mkstore command. These tools will be the subject of another note.

I will explain the orapki utility with a sample. Imagine that you want to call an https web service from PL/SQL procedures in an Oracle database (although I never advise reaching https services from Oracle databases, in some cases it is required), and the service provider has sent you its certificates.

The First Step:  Create the Oracle Wallet

orapki wallet create -wallet /home1/oracle/wallet -pwd passwd123 -auto_login

This command creates a wallet in the /home1/oracle/wallet directory with the password passwd123. Send the wallet location and password to the developers, because they will use these parameters in the UTL_HTTP package.

After this command, two files (which together make up the wallet) are created in the wallet location.

-rw------- 1 oracle dba 6800 Nov 23 15:42 ewallet.p12
-rw------- 1 oracle dba 6877 Nov 23 15:42 cwallet.sso
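
Because the wallet was created with -auto_login, cwallet.sso can open it without the password, so the owner-only permissions in the listing above are what protect its contents. The following shell function is an added example, not part of the original note; the audit_wallet name and its output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original note): audit the permissions of an
# Oracle wallet directory such as /home1/oracle/wallet.
# Prints one finding per line; exit status 0 = clean, 1 = findings,
# 2 = directory not found. The function name and output format are illustrative.
audit_wallet() (
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; exit 2; }

    # Directory: other users must not be able to list or enter it.
    perms=$(ls -ld "$dir" | cut -c2-10)
    case "$perms" in
        ??????---) ;;
        *) echo "WEAK $dir ($perms): open to other users"; rc=1 ;;
    esac

    # Wallet files: readable and writable by the owner only (mode 600).
    for f in ewallet.p12 cwallet.sso; do
        if [ ! -f "$dir/$f" ]; then
            # cwallet.sso exists only when the wallet was created with -auto_login
            if [ "$f" = ewallet.p12 ]; then echo "MISSING $dir/$f"; rc=1; fi
            continue
        fi
        perms=$(ls -l "$dir/$f" | cut -c2-10)
        case "$perms" in
            ???------) ;;
            *) echo "WEAK $dir/$f ($perms): group/other access"; rc=1 ;;
        esac
    done

    if [ -f "$dir/cwallet.sso" ]; then
        echo "NOTE $dir/cwallet.sso: auto-login wallet, opens without the password"
    fi
    exit "$rc"
)

# Usage: sh audit_wallet.sh /home1/oracle/wallet
if [ "$#" -gt 0 ]; then audit_wallet "$1"; fi
```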

The Second Step:  Add Certificates

Now put the certificates sent by the service provider into the wallet location and add them to the wallet with the commands below. Add the root certificate first.

orapki wallet add -wallet /home1/oracle/wallet -trusted_cert -cert "root.cer" -pwd passwd123

orapki wallet add -wallet /home1/oracle/wallet -trusted_cert -cert "app.cer" -pwd passwd123

root.cer and app.cer are the file names of the certificates.

If you get the messages below after adding a certificate, the operation was successful.

Oracle PKI Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

 

The Third Step:  Check Oracle Wallet

orapki wallet display -wallet /home1/oracle/wallet

With this command, you can see all the certificates in the wallet.

The Fourth Step:  Check the https service

Now you can write a small piece of PL/SQL code to check your wallet. The code below opens your wallet by giving its location and password, and then makes a request to the web service using the wallet. If you get 200 from this code, it means you are successful.

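set serveroutput on

DECLARE
  lo_req  UTL_HTTP.req;
  lo_resp UTL_HTTP.resp;
BEGIN
  -- Open the wallet: location (with the file: prefix) and wallet password
  UTL_HTTP.SET_WALLET('file:/home1/oracle/wallet', 'passwd123');
  -- Send the request; the server certificate is checked against the wallet's trusted certificates
  lo_req := UTL_HTTP.begin_request('https://webservice.asmx');
  lo_resp := UTL_HTTP.get_response(lo_req);
  dbms_output.put_line(lo_resp.status_code);
  -- Close the response so the HTTP connection is released
  UTL_HTTP.end_response(lo_resp);
END;
/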

200

Thanks for reading this note.

Y. Anıl Akduygu