Oracle Wallet question

Similar Messages

• Oracle Wallet Manager question..

  Hello,
  I have a question on Oracle Wallet Manager and will appreciate if you can help me with this:
  In our environment, there are distributed databases and background processes running on different systems ( windows NT and SGI IRIX ) the application uses Oracle Background processes which have Database account names and login to processes running on different machines..
  In an environment which has 250+ systems, changing passwords every 60 days or so becomes very cumbersome and problematic: If one network link is down, the password change is not done on one system and the next time the application tries to access a remote process it does not work..
  Currently, the password changes are restricted to once a year ..
  In the long run, it would be a better solution to replace this set-up with a industry standard secure architecture (i.e. one using PKI tokens, Certificate Authority etc..)
  Currently, I am looking at Oracle Wallet Manager as a possible solution .. will appreciate, if you can give me some feedback, whether this will be feasible ..
  Thank you ..
  --osman

  I would like to share my idea.
  Use Oracle Internet Directory (LDAP), single sign-on, SSL (Oracle Wallet), keberos and Windows Native Authentication.
  Check OracleAS 10g (10.1.2) documentations.
  We did all the above which were included in the the integration of OracleAS 9.0.4 with Oracle Applications 11.5.10.

• Oracle TDE - Can multiple databases use the same Oracle wallet?

  Oracle Advanced Security Transparent Data Encryption
  I will have 2 or more databases running under the same Oracle 11.2 home. According to Oracle's documentation, it is preferred to reference the wallet via the sqlnet.ora file. That's fine. My question is if I want to use encryption in each of those databases, then I have no choice but to use the shared wallet then, correct.
  I need to confirm that I have not missed something.
  From Oracle's documentation:
  Specifying a Wallet Location for Transparent Data Encryption
  If you wish to use a wallet specifically for TDE, then you must specify a wallet location in the sqlnet.ora file by using the ENCRYPTION_WALLET_LOCATION parameter.
  Oracle recommends that you use the ENCRYPTION_WALLET_LOCATION parameter to specify a wallet location for TDE.
  http://docs.oracle.com/cd/E18283_01/network.112/e10746/asoappa.htm#i634447
  Oracle Advanced Security Transparent Data Encryption
  ENCRYPTION_WALLET_LOCATION = (SOURCE =
  (METHOD = FILE)
  (METHOD_DATA =
  (DIRECTORY =
  /etc/ORACLE/WALLETS/oracle)))
  thanks!

  Do not do this, follow this http://www.youtube.com/watch?v=Z9odSZxdoGU instead!
  Best, Peter

• What is the use of Oracle Wallet Manager

  Hello All,
  I have notives that there is a tool called "Oracle Wallet Manager" that is loaded on to my machine.
  After reading the on-line help I figure that It can keep some certificates for me.My question ;
  What is this tool used for?
  Why do we have this tool?
  Does anybody have any whitepapers/ recpies/ examples/ demos
  on this stuff.
  any help will be appreciated.
  regards
  Sanjiv

  Sanjiv.
  Oracle Wallet Manager is a tool to manage internet certificates for clients and servers (databases can have certificates) issued by Certificate Authorities (e.g. Verisign). It can be used in conjunction with Oracle Net/SSL.
  Details on it can be found at the following link:
  http://download-east.oracle.com/otndoc/oracle9i/901_doc/network.901/a90150/asowalet.htm#1006830
  Harold

• Using a SHA2 certificate with 12.1.1 (Oracle Wallet Manager 10.1.0.5)

  Hi folks,
  I'm trying to enable SSL on my 12.1.1 system, but I've got a bit of a problem.
  I've already logged a SR on this, so I already know that you cannot use SHA2 SSL certificates with Oracle Wallet Manager 10.1.0.5, which is part of the 10.1.3 tech stack. I started the SR on the EBS side, but it was passed on to the security group, and closed there. My question is, is there something that I don't know? Is there an upgrade path in 12.1.x that would include an upgrade to the OWM, or is there some sort of workaround? I'll be opening another SR tomorrow, but wanted to see if I was missing something simple.
  We have an internal certificate server (Microsoft AD), and the root certificate, which I need to import, is SHA2. I'm being told that they cannot generate a SHA1 root certificate, and would have to stand up another certificate authority. OWM 10.1.0.5 can't handle SHA2, so I'm stuck.
  Anybody been there done that?
  Thanks very much,
  -Adam vonNieda

  I'm trying to enable SSL on my 12.1.1 system, but I've got a bit of a problem. What kind of problems?
  I've already logged a SR on this, so I already know that you cannot use SHA2 SSL certificates with Oracle Wallet Manager 10.1.0.5, which is part of the 10.1.3 tech stack. I started the SR on the EBS side, but it was passed on to the security group, and closed there. My question is, is there something that I don't know? Is there an upgrade path in 12.1.x that would include an upgrade to the OWM, or is there some sort of workaround? I'll be opening another SR tomorrow, but wanted to see if I was missing something simple.
  We have an internal certificate server (Microsoft AD), and the root certificate, which I need to import, is SHA2. I'm being told that they cannot generate a SHA1 root certificate, and would have to stand up another certificate authority. OWM 10.1.0.5 can't handle SHA2, so I'm stuck. I am not sure if SHA2 is certified with EBS R12 so you might need to ask this question to Oracle Support. According to the following docs, SHA1 can be used with no issues.
  Enabling SSL in Oracle E-Business Suite Release 12 [ID 376700.1]     To BottomTo Bottom     
  SSL Primer: Enabling SSL in Oracle E-Business Suite Release 12 (Trial Certificate Example) [ID 1425103.1]
  Thanks,
  Hussein

• ORACLE WALLET

  Hello ,
  I am an oracle dba, i want to know what is use of oracle wallet in production dbs.
  I have done some test. I created one wallet and then creted an encrypted tablespace. When wallet was closed, i can't create any table inside that encrypted tablespace.
  But then i was stuck in export and import certificate.
  So my question is -
  - What is practical use of oracle wallet in productions dbs apart from an encrypted tablespace ?
  - How can i export and import certificates for testing purpose?
  Thanks

  861012 wrote:
  So my question is -
  - What is practical use of oracle wallet in productions dbs apart from an encrypted tablespace ?You can also use Oracle wallets to create Secure External Password Stores. This allows you to store database credentials in an encrypted format. It's much more secure than say storing application passwords in clear text. It also provides an additional layer of separation of duties.
  - How can i export and import certificates for testing purpose?You can use the orapki utility.

• Self Generated Certification into Oracle Wallet Manager ?

  Hello,
  I have an written a function in PL/SQL to communicate with web services
  this server accessed with HTTPS, it uses self generated certification!
  how I can:
  export this certification (using web browser)
  Import it to Oracle Wallet Manager
  is it going to work?
  cheers

  Hi Tejo,
  I think you posted your question into the wrong forum. This is Hyperion Query and Reporting forum that discusses issues related to Hyperion Financial Reporting Studio, Interactive Reporting, Web Analysis, etc. I would do a search for Oracle Wallet Manager on google, find the best Oracle Forum and post the question there.
  Cheers,
  Mehmet

• Is it posible to use openssl csr for oracle Wallet Manager?

  Hi,
  I have used openssl to create csr instead of using oracle Wallet Manager. I need to use certificate for OAS. I have sent csr to RapidSSL.com and they sent me the certificate with a fee. Now I release that it was a mistake and I should create the csr from Oracle Wallet Manger and send it to RapidSSL.com and import the user certificate to owm then no problem. My question are followings:
  1-     Can I use csr that generated from openssl to owm?
  2-     Can I import certificate that purchased from RapidSSL.com to owm?
  3-     What are the steps I have to follow?
  Thank you

  Here are the answers inline for your questions.
  1- Can I use csr that generated from openssl to owm?
  Yes
  2- Can I import certificate that purchased from RapidSSL.com to owm?
  Yes
  3- What are the steps I have to follow?
  Check this link for step by step instructions.
  http://download-west.oracle.com/docs/cd/B14099_19/core.1012/b13995/wallets.htm
  http://www.thesslstore.com
  http://www.rapidsslonline.com
  Edited by: 794364 on Sep 12, 2010 11:56 PM

• Separate License for Oracle Wallet Manager

  Hi,
  From our application we have been making webservice calls using utl_http. In the past this has been via http but we now have a requirement to make a webservice call using https. This requires the use of Oracle Wallet Manager. Is a separate License required to be purchased to use the Oracle Wallet, or is it part of the Oracle database license? We have an internal check going on now with various people, but I just thought I'd ask the question here as well.
  Database version: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bi

  Oracle Wallets can be deployed on clients, middle tiers, and database servers FREE of charge. However, the following features that use an Oracle Wallet in turn require licensing of the Oracle Advanced Security Option:
  - PKI credentials
  - Transparent Data Encryption.
  Please check following MOS for more details.
  Is There Any Additional License Required For Wallet Manager? (Doc ID 1068223.1)

• Replace a new wallet for Oracle Wallet Manager

  Hi, all,
  Here is my current situation.
  We are using Oracle Wallet Manager (version 10.1.0.5) for Oracle 10.1.3.1 on Windows Server 2003. Currently our SSL certificate in the wallet is going to expired within a month. However, we forgot the password to the current wallet. So we have to create a new wallet and import the new certificates. The certificate shows Ready state. Then we moved the old wallet file to a different directory, and copied the new wallet file, ewallet.p12, to the default wallet location, C:\product\10.1.3.1\OracleAS_1\Apache\Apache\conf\ssl.wlt\default. We also rebooted the machine to make sure Apache will pick up the new wallet file. However, when we connected from a client browser, it still shows old certificate. I checked the ssl.conf, it still have the default value as follows:
  SSLWallet file:C:\product\10.1.3.1\OracleAS_1\Apache\Apache\conf\ssl.wlt\default
  The Auto Login and Use Windows Registry options are uncheck and there is no Oracle wallet entry in the Windows registry.
  Does anyone have the similar problem? Any advice is highly appreciated.
  Thank you very much in advance.

  Roberto,
  Thanks a lot for your response. I have one more question.
  Supposed the client browser has installed the old certificate which is still valid for another month, when the client browser hit the site again, as the old certificate is still valid, is it going to download the new certificate? If not, how do I remove the old certificate from browser, IE?
  Thanks.

• Oracle Wallet Setup and Use Help Needed - Respond

  We are trying to make our shell scripts use the wallet rather than using the files which has password in them
  What are the advantages of wallet over the password file?
  Also let us discuss the disadvantages of oracle wallet as well. So we can decide on using the existing system of keeping the passwords in the password file itself or migrating to oracle wallet
  Thanks for your time

  Hello, iam trying to install oracle ifs on my laptop. You can hekp me out..
  1>I have installed oracle 9.0.2 database.
  My question is do we need to install oracle IAS also. I have installed that one too..and intstalled ifs in the same folder of ias. But iam facing problem iam trying to open login page ..http server is not finding my login page . Http server is in oracle database..can u help me out thanks

• Unable to import the user certificate into the Oracle Wallet Manager

  Hi,
  I am configuring the External Authentication plugin using the password filters.
  i am using the version 10.1.0.5.0 version of Oracle Wallet manager
  inorder to do that i am enabling the SSL mode.
  to enable the SSL mode i followed the some steps in OWM and OCA admin and user console.
  when i approved a certificate as admin and importing to the Oracle Wallet Manager, i got an error that
  User Certificate Installation failed.
  Possible errors:
  - Input was not a valid certificate
  - No matching certificate request found
  - CA certificate needed for certificate chain not found.
  Please install it first
  can anyone help me how to resolve this problem.

  hi,
  thanks for your reply pramod
  I tried to import the two certificate files(rootca.crt and server.crt). but i am got the same error.
  what may be the problem.

• Issues with using utl_http with Oracle Wallet

  Hello Everyone,
  We are experimenting with Oracle wallet and utl_http and are attempting to do an https transfer and we are facing some problems. I will appreciate your help greatly if you can advise on what could be wrong. We are on db version 10.2.0.1 and Unix HP-UX. The intention ping an https url and get a simple 200 response. Future development would include get/post XML documents from that url and other interesting stuff. I understand that utl_http with Oracle wallet can be used for this purpose.
  The wallet has been created and the ewallet.p12 exists. We downloaded the SSL certificate from the url's website and uploaded into the wallet.
  Everything works if I put in a url with plain http. However, it does not work with an HTTP*S* url.
  With HTTPS when I run the below code I get the following error. Again, greatly appreciate your time and help because this is the first time we are using Oracle wallet manager and do not know where to go from here.
  ORA-29273: HTTP request failed
  ORA-06512: at "SYS.UTL_HTTP", line 1029
  ORA-29268: HTTP client error
  declare
  url varchar2(225);
  req utl_http.req;
  resp utl_http.resp;
  my_proxy BOOLEAN;
  name varchar2(2000);
  value varchar2(2000);
  V_proxy VARCHAR2(2000);
  v_n_proxy varchar2(2000);
  v_msg varchar2(100);
  v_len PLS_INTEGER := 1000;
  BEGIN
  -- Turn off checking of status code.
  utl_http.set_response_error_check(FALSE);
  --Set proxy server
  utl_http.set_proxy('my-proxy');
  utl_http.set_wallet('file:<full Unix path to the wallet on DB server>','wallet998');
  req := utl_http.begin_request('https://service.ariba.com/service/transaction/cxml.asp');
  --Set proxy authentication
  utl_http.set_authentication(req, 'myproxyid', 'myproxypswd','Basic',TRUE); -- Use HTTP Basic
  resp := utl_http.get_response(req);
  FOR i IN 1..utl_http.get_header_count(resp) LOOP
  utl_http.get_header(resp, i, name, value);
  dbms_output.put_line(name || ': ' || value);
  END LOOP;
  utl_http.end_response(resp);
  exception
  when others then
  dbms_output.put_line(sqlerrm);
  END;

  I tried this using plsql ...
  declare
  SOAP_URL constant varchar2(1000) := 'http://125.21.166.27/cordys/com.eibus.web.soap.Gateway.wcp?organization=o=WIPRO,cn=cordys,o=itgi.co.in';
  request      UTL_HTTP.req;
  begin
  dbms_output.put_line('Begin Request');
  request := UTL_HTTP.begin_request(SOAP_URL,'POST',UTL_HTTP.HTTP_VERSION_1_1);
  dbms_output.put_line('After Request');
  exception
  when others then
     dbms_output.put_line('Error : '||sqlerrm);
  end;The output was ...
  Begin Request
  Error : ORA-29273: HTTP request failed
  ORA-06512: at "SYS.UTL_HTTP", line 1029
  ORA-12535: TNS:operation timed outIt seems to be an issue with the webservice, plz check if its available & allowing requests.

• Oracle Wallet Manager won't allow me to create a certificate request

  Hello,
  I am trying to setup my installation with SSL, I am trying to create a certificate request on Oracle Wallet Manager and I keep getting this error:
  "Could not create certificate request. Please check user information"
  I am entering the following information:
  Common Name: portal.grupoalsea.com.mx
  Organizational Unit: Desarrollo
  Organization: Sistema Integral de Administracion, S.A. de C.V.
  Locality/City: Distrito Federal
  State/Province: Mexico
  Country: Mexico
  Key Size: 1024 bits
  Why could this be happening? Does Oracle Wallet Manager go and look for my info some place? Common Name is the name for my site on WebCache, which is in turn mapped to the HTTP Server called Mservicio.localdomain.
  At this point, I have also tried setting the Common Name to other values, like the name of my HTTP Server, the name of my HTTP server without the "localdomain", but I still get the same message.
  Any help will be really appreciated!!!!

  Problem was due to a bug that won't allow to enter commas in Organization Name. All we needed to do is remove the comma from the Organization name and the certificate was correctly created.

• Oracle Wallet and XE

  I believe this topic has been discussed quite a bit in the past on this forum. Essentially I would like to be able to utilize utl_http to access an external website using https. Doing research on this, I've come to find out that:
  a. You need to use Oracle Wallet Manager to import trusted certificates from these sites.
  b. Oracle Wallet Manager is part of Oracle Advanced Security Module
  c. Oracle Advanced Security Module is only applicable to Enterprise Edition Database.
  d. The 'owm' binary does not come packaged with Oracle XE.
  In my search, I also came across the following in the official Oracle Database Licensing Information document (http://download-west.oracle.com/docs/cd/B19306_01/license.102/b14199/editions.htm)
  Oracle Wallet
  Oracle Wallet is a password-protected container used to store authentication and signing credentials, including passwords, private keys, certificates, trusted certificates, and TDE master keys. Oracle Wallet Manager is an application that wallet owners can use to manage and edit the security credentials in their Oracle wallets. Oracle Wallets can be deployed on clients, middle tiers, and database servers free of charge. However, the following features that use an Oracle Wallet in turn require licensing of the Oracle Advanced Security Option: PKI credentials and transparent data encryption master keys. Oracle Advanced Security option is not required when configuring wallets to secure communication between the Oracle Database and Oracle Internet Directory.
  Based on this description, my intended use of Oracle Wallet would not require the Oracle Advanced Security option as I just want to store certificates of those sites I'm accessing via https.
  Does this mean that I could fire up owm on another database server, create the file and then use it in my XE application? Or does it mean that because I'm running XE and because owm did not come with the distribution, I have no right to utilize the functionality?
  Thanks in advance for any input.

  The T in TDE stands for transparent, so your application shouldn't need to even be aware that any columns or tablespaces are encrypted. TDE is generally implemented in systems that were never designed to encrypt the data, so in theory it should be "perfectly safe" to develop unencrypted and have the client encrypt the columns during installation.
  Of course, when marketing folks start talking about things that are "perfectly safe", that's always a sign of danger ahead. Even though I've never heard of a case where encrypting a column caused a problem for an application, I would be very dubious of doing development in an environment different than production. That includes the exact version of the database (I assume the client has installed the latest patchsets, so they're running 10.2.0.4, for example) as well as the edition. If you decide to rely on the fact that everything should go smoothly when you promote to a different version of a different edition of the database with a different schema definition, even though it normally should, you're pretty much guaranteeing that you will end up with a problem that will be a pain to resolve.
  In your case, I wouldn't use XE for development. It would be much safer to develop against the personal edition. That isn't free, but that is the enterprise edition of the database licensed to be run on developer machines. It isn't free, but it's way less than an enterprise edition license.
  Justin