ORACLE WALLET

Similar Messages

• Unable to import the user certificate into the Oracle Wallet Manager

  Hi,
  I am configuring the External Authentication plugin using the password filters.
  i am using the version 10.1.0.5.0 version of Oracle Wallet manager
  inorder to do that i am enabling the SSL mode.
  to enable the SSL mode i followed the some steps in OWM and OCA admin and user console.
  when i approved a certificate as admin and importing to the Oracle Wallet Manager, i got an error that
  User Certificate Installation failed.
  Possible errors:
  - Input was not a valid certificate
  - No matching certificate request found
  - CA certificate needed for certificate chain not found.
  Please install it first
  can anyone help me how to resolve this problem.

  hi,
  thanks for your reply pramod
  I tried to import the two certificate files(rootca.crt and server.crt). but i am got the same error.
  what may be the problem.

• Issues with using utl_http with Oracle Wallet

  Hello Everyone,
  We are experimenting with Oracle wallet and utl_http and are attempting to do an https transfer and we are facing some problems. I will appreciate your help greatly if you can advise on what could be wrong. We are on db version 10.2.0.1 and Unix HP-UX. The intention ping an https url and get a simple 200 response. Future development would include get/post XML documents from that url and other interesting stuff. I understand that utl_http with Oracle wallet can be used for this purpose.
  The wallet has been created and the ewallet.p12 exists. We downloaded the SSL certificate from the url's website and uploaded into the wallet.
  Everything works if I put in a url with plain http. However, it does not work with an HTTP*S* url.
  With HTTPS when I run the below code I get the following error. Again, greatly appreciate your time and help because this is the first time we are using Oracle wallet manager and do not know where to go from here.
  ORA-29273: HTTP request failed
  ORA-06512: at "SYS.UTL_HTTP", line 1029
  ORA-29268: HTTP client error
  declare
  url varchar2(225);
  req utl_http.req;
  resp utl_http.resp;
  my_proxy BOOLEAN;
  name varchar2(2000);
  value varchar2(2000);
  V_proxy VARCHAR2(2000);
  v_n_proxy varchar2(2000);
  v_msg varchar2(100);
  v_len PLS_INTEGER := 1000;
  BEGIN
  -- Turn off checking of status code.
  utl_http.set_response_error_check(FALSE);
  --Set proxy server
  utl_http.set_proxy('my-proxy');
  utl_http.set_wallet('file:<full Unix path to the wallet on DB server>','wallet998');
  req := utl_http.begin_request('https://service.ariba.com/service/transaction/cxml.asp');
  --Set proxy authentication
  utl_http.set_authentication(req, 'myproxyid', 'myproxypswd','Basic',TRUE); -- Use HTTP Basic
  resp := utl_http.get_response(req);
  FOR i IN 1..utl_http.get_header_count(resp) LOOP
  utl_http.get_header(resp, i, name, value);
  dbms_output.put_line(name || ': ' || value);
  END LOOP;
  utl_http.end_response(resp);
  exception
  when others then
  dbms_output.put_line(sqlerrm);
  END;

  I tried this using plsql ...
  declare
  SOAP_URL constant varchar2(1000) := 'http://125.21.166.27/cordys/com.eibus.web.soap.Gateway.wcp?organization=o=WIPRO,cn=cordys,o=itgi.co.in';
  request      UTL_HTTP.req;
  begin
  dbms_output.put_line('Begin Request');
  request := UTL_HTTP.begin_request(SOAP_URL,'POST',UTL_HTTP.HTTP_VERSION_1_1);
  dbms_output.put_line('After Request');
  exception
  when others then
     dbms_output.put_line('Error : '||sqlerrm);
  end;The output was ...
  Begin Request
  Error : ORA-29273: HTTP request failed
  ORA-06512: at "SYS.UTL_HTTP", line 1029
  ORA-12535: TNS:operation timed outIt seems to be an issue with the webservice, plz check if its available & allowing requests.

• Oracle TDE - Can multiple databases use the same Oracle wallet?

  Oracle Advanced Security Transparent Data Encryption
  I will have 2 or more databases running under the same Oracle 11.2 home. According to Oracle's documentation, it is preferred to reference the wallet via the sqlnet.ora file. That's fine. My question is if I want to use encryption in each of those databases, then I have no choice but to use the shared wallet then, correct.
  I need to confirm that I have not missed something.
  From Oracle's documentation:
  Specifying a Wallet Location for Transparent Data Encryption
  If you wish to use a wallet specifically for TDE, then you must specify a wallet location in the sqlnet.ora file by using the ENCRYPTION_WALLET_LOCATION parameter.
  Oracle recommends that you use the ENCRYPTION_WALLET_LOCATION parameter to specify a wallet location for TDE.
  http://docs.oracle.com/cd/E18283_01/network.112/e10746/asoappa.htm#i634447
  Oracle Advanced Security Transparent Data Encryption
  ENCRYPTION_WALLET_LOCATION = (SOURCE =
  (METHOD = FILE)
  (METHOD_DATA =
  (DIRECTORY =
  /etc/ORACLE/WALLETS/oracle)))
  thanks!

  Do not do this, follow this http://www.youtube.com/watch?v=Z9odSZxdoGU instead!
  Best, Peter

• Oracle Wallet Manager won't allow me to create a certificate request

  Hello,
  I am trying to setup my installation with SSL, I am trying to create a certificate request on Oracle Wallet Manager and I keep getting this error:
  "Could not create certificate request. Please check user information"
  I am entering the following information:
  Common Name: portal.grupoalsea.com.mx
  Organizational Unit: Desarrollo
  Organization: Sistema Integral de Administracion, S.A. de C.V.
  Locality/City: Distrito Federal
  State/Province: Mexico
  Country: Mexico
  Key Size: 1024 bits
  Why could this be happening? Does Oracle Wallet Manager go and look for my info some place? Common Name is the name for my site on WebCache, which is in turn mapped to the HTTP Server called Mservicio.localdomain.
  At this point, I have also tried setting the Common Name to other values, like the name of my HTTP Server, the name of my HTTP server without the "localdomain", but I still get the same message.
  Any help will be really appreciated!!!!

  Problem was due to a bug that won't allow to enter commas in Organization Name. All we needed to do is remove the comma from the Organization name and the certificate was correctly created.

• Oracle Wallet and XE

  I believe this topic has been discussed quite a bit in the past on this forum. Essentially I would like to be able to utilize utl_http to access an external website using https. Doing research on this, I've come to find out that:
  a. You need to use Oracle Wallet Manager to import trusted certificates from these sites.
  b. Oracle Wallet Manager is part of Oracle Advanced Security Module
  c. Oracle Advanced Security Module is only applicable to Enterprise Edition Database.
  d. The 'owm' binary does not come packaged with Oracle XE.
  In my search, I also came across the following in the official Oracle Database Licensing Information document (http://download-west.oracle.com/docs/cd/B19306_01/license.102/b14199/editions.htm)
  Oracle Wallet
  Oracle Wallet is a password-protected container used to store authentication and signing credentials, including passwords, private keys, certificates, trusted certificates, and TDE master keys. Oracle Wallet Manager is an application that wallet owners can use to manage and edit the security credentials in their Oracle wallets. Oracle Wallets can be deployed on clients, middle tiers, and database servers free of charge. However, the following features that use an Oracle Wallet in turn require licensing of the Oracle Advanced Security Option: PKI credentials and transparent data encryption master keys. Oracle Advanced Security option is not required when configuring wallets to secure communication between the Oracle Database and Oracle Internet Directory.
  Based on this description, my intended use of Oracle Wallet would not require the Oracle Advanced Security option as I just want to store certificates of those sites I'm accessing via https.
  Does this mean that I could fire up owm on another database server, create the file and then use it in my XE application? Or does it mean that because I'm running XE and because owm did not come with the distribution, I have no right to utilize the functionality?
  Thanks in advance for any input.

  The T in TDE stands for transparent, so your application shouldn't need to even be aware that any columns or tablespaces are encrypted. TDE is generally implemented in systems that were never designed to encrypt the data, so in theory it should be "perfectly safe" to develop unencrypted and have the client encrypt the columns during installation.
  Of course, when marketing folks start talking about things that are "perfectly safe", that's always a sign of danger ahead. Even though I've never heard of a case where encrypting a column caused a problem for an application, I would be very dubious of doing development in an environment different than production. That includes the exact version of the database (I assume the client has installed the latest patchsets, so they're running 10.2.0.4, for example) as well as the edition. If you decide to rely on the fact that everything should go smoothly when you promote to a different version of a different edition of the database with a different schema definition, even though it normally should, you're pretty much guaranteeing that you will end up with a problem that will be a pain to resolve.
  In your case, I wouldn't use XE for development. It would be much safer to develop against the personal edition. That isn't free, but that is the enterprise edition of the database licensed to be run on developer machines. It isn't free, but it's way less than an enterprise edition license.
  Justin

• Using Oracle Wallet for Java connection

  Hi,
  Can anyone tell me how to acces the Oracle wallet from my Java application without using the thin or oci drivers?

  No answer was found for this, we ended up using an OCI driver for the connection to the wallet. Code (in java) was as follows for reference:#
  private static Connection walletconn() throws Exception{
  String url = "jdbc:oracle:oci:/@DATABASE";
  OracleDataSource ods = new OracleDataSource();
  ods.setURL(url);
  Connection conn = ods.getConnection();
  return connl;

• Oracle wallet(oraclepki.jar) is not working with WLS 10.3.1

  An external application is storing a password in oracle wallet i.e cwallet.sso and ewallet.p12 files using OracleWallet technology (oraclepki.jar).
  I have an web application which uses this password stored in the wallet for internal use, this application works fine if we deploy it in OC4J, but if Install the same application in WLS 10.3.1 application is not able to get the password for wallet.
  Oracle wallet require only oraclepki.jar file and this jar file is bundled in the ear file.
  Can someone guide me so that we can use Oracle wallet with WLS.

  Hi
  For me no error is showing. But the whitespace is not getting removed. But this is working fine in Tomcat6.1.
  Any help is appreciated.
  regards
  jossy.

• Connect thru oracle wallet

  I am trying to do a connection thru an oracle wallet with the string:
  Custon JDBC URL:
  jdbc:oracle:oci:/@pm102139
  This has worked in the past , but now returns:
  Status: Failed - Test failed : no ocijdbc11 in java.library.path
  version: 1.5.5.59.69
  Build: Main - 5969
  Oracle 10.2.0.4.0 in Solaris 10
  $java -version
  java version "1.5.0_22"
  thanks.

  Could this have anything to do with Patch 9352164 10.2.0.4.4 PSU? This has been installed since it last worked.
  thanks.

• What is the use of Oracle Wallet Manager

  Hello All,
  I have notives that there is a tool called "Oracle Wallet Manager" that is loaded on to my machine.
  After reading the on-line help I figure that It can keep some certificates for me.My question ;
  What is this tool used for?
  Why do we have this tool?
  Does anybody have any whitepapers/ recpies/ examples/ demos
  on this stuff.
  any help will be appreciated.
  regards
  Sanjiv

  Sanjiv.
  Oracle Wallet Manager is a tool to manage internet certificates for clients and servers (databases can have certificates) issued by Certificate Authorities (e.g. Verisign). It can be used in conjunction with Oracle Net/SSL.
  Details on it can be found at the following link:
  http://download-east.oracle.com/otndoc/oracle9i/901_doc/network.901/a90150/asowalet.htm#1006830
  Harold

• Using a SHA2 certificate with 12.1.1 (Oracle Wallet Manager 10.1.0.5)

  Hi folks,
  I'm trying to enable SSL on my 12.1.1 system, but I've got a bit of a problem.
  I've already logged a SR on this, so I already know that you cannot use SHA2 SSL certificates with Oracle Wallet Manager 10.1.0.5, which is part of the 10.1.3 tech stack. I started the SR on the EBS side, but it was passed on to the security group, and closed there. My question is, is there something that I don't know? Is there an upgrade path in 12.1.x that would include an upgrade to the OWM, or is there some sort of workaround? I'll be opening another SR tomorrow, but wanted to see if I was missing something simple.
  We have an internal certificate server (Microsoft AD), and the root certificate, which I need to import, is SHA2. I'm being told that they cannot generate a SHA1 root certificate, and would have to stand up another certificate authority. OWM 10.1.0.5 can't handle SHA2, so I'm stuck.
  Anybody been there done that?
  Thanks very much,
  -Adam vonNieda

  I'm trying to enable SSL on my 12.1.1 system, but I've got a bit of a problem. What kind of problems?
  I've already logged a SR on this, so I already know that you cannot use SHA2 SSL certificates with Oracle Wallet Manager 10.1.0.5, which is part of the 10.1.3 tech stack. I started the SR on the EBS side, but it was passed on to the security group, and closed there. My question is, is there something that I don't know? Is there an upgrade path in 12.1.x that would include an upgrade to the OWM, or is there some sort of workaround? I'll be opening another SR tomorrow, but wanted to see if I was missing something simple.
  We have an internal certificate server (Microsoft AD), and the root certificate, which I need to import, is SHA2. I'm being told that they cannot generate a SHA1 root certificate, and would have to stand up another certificate authority. OWM 10.1.0.5 can't handle SHA2, so I'm stuck. I am not sure if SHA2 is certified with EBS R12 so you might need to ask this question to Oracle Support. According to the following docs, SHA1 can be used with no issues.
  Enabling SSL in Oracle E-Business Suite Release 12 [ID 376700.1]     To BottomTo Bottom     
  SSL Primer: Enabling SSL in Oracle E-Business Suite Release 12 (Trial Certificate Example) [ID 1425103.1]
  Thanks,
  Hussein

• Interconnect DB adapter Error when connecting to DB Using Oracle Wallet

  Hi all,
  I have installed multiple DB adapters on a unix m/c and when i am starting the DB adapter( name ex: B) i am getting the following error.
  when i Hash (#)the passwd in adapter.ini without using oracle wallet my DB adapter gets connected if the same is removed i am getting the following Error.
  "java.sql.SQLException: invalid arguments in call"
  Oracle Wallet password have been set correctly and works fine with one of the DB adapter( name ex: A) and the same setting of A has been used in B.
  Would be glad if someone could help to give solution to track oracle wallet and database connectivity.
  Oailog.txt
  ~~~~~~~~~~
  Initializing the Bridge oracle.oai.agent.adapter.database.DBBridge..
  Initializing connection to the Repository...
  Connected to the Repository.
  B could not connect to the database
  regards
  yenyes

  The issue was solved.The workaround involved synchronising the security folders the one below the /interconnect and one below /adapters.

• Use Oracle Wallet to store repository (Registry/SS/EAS) credentials?

  I'm running EPM 11.1.2.2 on AIX, Oracle repository, already installed and configured.
  The security team would prefer to have the repository credentials stored in an Oracle wallet as a matter of policy.  I believe, from my limited research, that a JDBC driver can (theoretically) use wallet.  But has anyone done it in the context of the EPM services (i.e. Foundation, EAS)?
  Obviously, the password is encrypted already, so I'm not sure that this really provides much of a real security benefit - except that I think that the Oracle password could be changed by updating the wallet without having to re-run the EPM configuration utility.
  Any input gratefully received.  Thanks!

  Nothing like wanting to add another layer of complexity to an already complex world , if security is the issue then SSL should be looked at but the passwords will still be stored in the database.
  I have never heard of it being done with EPM but would be interested to know if it is actually supported.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• SSIS and Oracle Wallet

  I am trying to connect SQL Server Integration Services to an Oracle database using Oracle Wallet. I have tested the wallet in both 32 and 64 bit modes on the machine and it works fine. I cannot get SSIS to connect though. I probably just need the syntax for and OleDB or .NET driver connection string but have not been able to find either on-line. Any help would be appreciated.
  Thanks,
  Brian.

  I have resolved the issue. For others that may run into this, here are the steps I took.
  1.     Use the driver “.Net Providers\OracleClient Data Provider”
  2.     Go to the “All” tab.
  3.     Data Source=”DATA_SOURCE”
  4.     Integrated Security=True
  5.     Press “Test Connection” and it should succeed.

• Some trusted certificate could not be installed , oracle wallet manager

  Hi there,
  I am using Oracle Wallet Manager 10.2.0.1
  Oracle DB 10.2
  when I try to import a certificate I have exported from the browser, I have such error,
  that certificate is not something globally known, but it is for local communication,
  as I understood that when I specify to import trusted certificate, that does not matter , does it?
  please that I have successfully imported another "known" certificate exported with the same way,
  what can the reason of such an error,
  thanks in advance
  rgrds

  The problem was in the certificate itself.
  Regards.

• Oracle Wallet on Windows

  Oracle 10.2.0.4
  I created a wallet using mkstore.
  C:\app\brock\product\10.2.0\db_1\BIN>mkstore -wrl C:\app\brock\product\10.2.0\admin\orcl wallet -createI can see the two files that it created: cwallet,sso and ewallet.p12
  But I cannot open the wallet.
  sys@orcl-local> alter system set wallet open identified by "mypassword1";
  alter system set wallet open identified by "mypassword1"
  ERROR at line 1:
  ORA-28367: wallet does not existIs there a step I am missing?

  ORA-28367: wallet does not exist
  *Cause:  The Oracle wallet has not been created or the wallet location
  parameters in sqlnet.ora specifies an invalid wallet path.
  *Action: Verify that the WALLET_LOCATION or the ENCRYPTION_WALLET_LOCATION
  parameter is correct and that a valid wallet exists in the path
  specified.