Friday, 13 December 2013

Auto login Wallet - Create from .key


Self Signed Wallet - Create from .key


There are a few steps to creating this:

  1. Convert certificates and key to correct format
  2. Create .p12 from certificate and key
  3. Create Auto login Wallet from .p12

What tools we are going to be using

To convert Keys and Certificate to PEM

  • X509
  • Rsa
To Convert to .p12

  • openssl
To Convert .p12 to .sso

  • orapki

Steps


Convert to PEM

We need to make sure your key and certificates are in PEM format.
To convert a certificate from DER to PEM:
  •  x509 –in in.crt –inform DER –out out.crt –outform PEM

To convert a key from DER to PEM:
  • rsa –in in.key –inform DER –out out.key –outform PEM


Create Wallet

Once we have out PEM formatted Keys and Certificates, we need to create the .p12
There are two commands we can use here, one if we only have one certificate and the other if we have a root certificate as well.

Option 1

openssl pkcs12 -export -in in.crt -inkey in.key -out bundle.p12

Option 2

openssl pkcs12 -export -in in.crt -inkey in.key -certfile root.crt -out bundleRoot.p12


You will be prompted to enter a password, let’s assume we used password.

Create Auto Login

Then we have to create the Auto login wallet, to do this you need JAVA_HOME other wise you may get an error similar to this:
$JAVA_HOME should point to valid Java runtime

My Java Home was at: /u01/app/oracle/product/jvm/
Thus
export JAVA_HOME=/u01/app/oracle/product/jvm

if you don’t know where “orapki” is, search for it, it is most probably in the oracle_common.

Mine was at: /u01/app/oracle/product/fmw/oracle_common/bin/orapki

Thus I ran
/u01/app/oracle/product/fmw/oracle_common/bin/orapki  wallet create -wallet bundleRoot.p12 -auto_login -pwd password

This creates a cwallet.sso file.

Edit:

When I tried this again on another server I got an error. 
Exception in thread "main" java.lang.NullPointerException
        at oracle.security.pki.C14.d(C14)
        at oracle.security.pki.OracleWallet.createSSO(OracleWallet)
        at oracle.security.pki.textui.OracleWalletTextUI.create(OracleWalletTextUI)
        at oracle.security.pki.textui.OracleWalletTextUI.command(OracleWalletTextUI)
        at oracle.security.pki.textui.OraclePKITextUI.main(OraclePKITextUI)


so I ran this:
/u01/app/oracle/product/fmw/oracle_common/bin/orapki  wallet create -wallet ./ -auto_login

Note: I was in the same Directory as my bundleRoot.p12.

My complete commands looked like this:

cd /u01/app/oracle/product/fmw/asinst_1/config/OHS/ohs1/keystores/
openssl pkcs12 -export -in domain.co.za.crt -inkey certKey.key -certfile gd_bundle.crt -out bundleRoot.p12
cd /
find -iname orapki
export JAVA_HOME=/u01/app/oracle/product/jvm
/u01/app/oracle/product/fmw/oracle_common/bin/orapki wallet create -wallet bundleRoot.p12 -auto_login -pwd password

Resources:

http://support.citrix.com/article/CTX106630
http://docs.oracle.com/cd/E11882_01/network.112/e10746/asoappf.htm#ASOAG9831

Notes:


  • If you are creating this for EBS, dont create the bundleRoot.p12 but rather a ewallet.p12.
  • To view the wallets details run this:
    • /u01/app/oracle/product/fmw/oracle_common/bin/orapki wallet display -wallet ewallet.p12


#bearMan saving you.
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)