Tag: oracle application server

After having to do this several times in the past few weeks I have updated my directions on managing secure certificates in OAS to include importing a renewed OAS certificate.

application administration, oas, oracle application server, sysadmin, system administration, oracle

Here’s my cliff notes directions for managing secure certificates using Oracle Wallet Manager. These directions were written for Oracle Application Server 10g(9.0.4) and my not work right with other versions. As always, don’t do it if you don’t understand it.

NOTE: When you generate a certificate request within a wallet you must then import the certificate into the EXACT SAME WALLET! So it is important to not forget the path, or password to the wallet, but also a copy can be made of the wallet by copying the ewallet.p12 and cwallet.sso files from the path where you saved the wallet to another directory.

Generate a certificate request:

1. On the system you want to display the wallet manager on run
   xhost +serverhostname.
2. ssh to the system the cert is for.
3. Export the display to somewhere you can view it
   DISPLAY=localhostname:0.0; export DISPLAY
4. Start Oracle Wallet Manager from $ORACLE_HOME/bin (should be in the path)
   owm
5. Select New from the Wallet menu.
6. Answer No to creating the default location.
7. Give the wallet a secure password and select OK.
8. Answer Yes to create a certificate request.
9. Enter the following information to generate the request. If you’re not sure about some of this info, check with someone at your site who has done cert requests before. It is important that it is all accurate.


Common Name: The fully qualified domain name (e.g. gimli.plymouth.edu)
Organizational Unit: Typically a department name (e.g. Information Technology Services)
Organization Name: Your organizations official name (e.g. Plymouth State University)
Locality/City: Plymouth
State/Provence: New Hampshire
Country: United States
Key Size: (1024 is OK, 2048 is better)

10. Click OK once these values are all correct.
11. Click OK in the “Please submit” dialogue.
12. Select Auto Login from the Wallet menu.
13. Select Save from the Wallet menu and save the wallet to a safe, non-public directory on your server (being careful not to overwrite another wallet.)
14. Click on the certificate request in the wallet tree then select Export Certificate Request from the Operations menu and export the request to a file.
15. Send the certificate request file to the certificate authority to obtain a user certificate.

Importing a Certificate:

1. Follow the instructions above to connect to the server and export the display.
2. Transfer the certificate you received from your certificate authority to the server.
3. Open Oracle Wallet Manager and open the wallet the cert request was created from.
4. Select Import User Certificate from the Operations menu. DO NOT import the certificate as a trusted certificate.
5. Select Import Certificate From File and then select the file containing the certificate.
6. If you are prompted to import the CA certificate, select Yes and follow these steps to get the CA cert:
   1. On a Windows box, rename the certificate to have a .cer extention (which should change the icon.)
   2. Double click on the certificate and select the Certification Path tab.
   3. Select the highest level of the certification path (e.g. Thawte Premium Server CA) and click View Certificate.
   4. Select the Details tab and click Copy to File…
   5. Follow the directions on screen to export the CA certificate as a Base-64 Certificate.
   6. Once exported, copy the CA certificate to the host the wallet is on.
   7. In the Import Trusted Certificate dialogue box, choose Select a file that contains the certificate and click OK.
   8. Select the CA Cert file you have just uploaded and click OK.
7. The certificate should now have the word Ready next to it. That indicates the certificate is ready to use.
8. Confirm that Auto Login is checked in the Wallet menu.
9. Save the wallet by choosing Save from the Wallet menu.
10. Exit the wallet manager.

From here you’ll have to follow the instructions in the Oracle HTTP Server Administration Guide to complete the SSL setup.

Importing a Renewed Certificate

These directions are for when your certificate authority has renewed your cert based on your previous request.

1. Follow the instructions above to connect to the server and export the display.
2. Transfer the certificate you received from your certificate authority to the server.
3. Open Oracle Wallet Manager and open the wallet the cert request was created from.
4. Click on the existing certificate, select Remove User Certificate from the Operations menu and click Yes to confirm.
5. Click on the certificate (now in [Requested] status) from the wallet and select Import User Certificate from the Operations menu.
6. Select Import Certificate From File and then select the file containing the certificate.
7. The certificate should now have the word Ready next to it. That indicates the certificate is ready to use.
8. Confirm that Auto Login is checked in the Wallet menu.
9. Save the wallet by choosing Save from the Wallet menu.
10. Exit the wallet manager.

oracle, oracle application server, oas, application administration, system administration, sysadmin