Problem in importing a SHA256 X509 certificate in Oracle Wallet Manager 10g

Similar Messages

• Problem import trusted certificate with oracle wallet manager

  hi people
  db version 10.2.0.4
  owm version 10.2.0.4
  os version windows server 2003
  the first thing i've tried
  is to import a certificate which was created with selfssl (contained in the mircosoft iss resource kit)
  but its not working
  i get the following failure "Some trusted certificates could not be installed"
  i've checked the metalink and found this
  [WALLET MANAGER FAILS TO IMPORT MS IIS GENERATED CERT|https://metalink2.oracle.com/metalink/plsql/f?p=130:15:3132180381448029652::::p15_database_id,p15_docid,p15_show_header,p15_show_help,p15_black_frame,p15_font:BUG,6815320,1,1,1,helvetica]
  i've tried it with an openssl generated certificate
  no problems with importing this as trusted certificate
  so my question
  exists a general problem with certificates which were created with iis services?

  Hi, I am having the same issue with the certificate. Can anyone tell me how to fix this?
  Thank You!
  Kathie

• Importing Certificate in Oracle Wallet Manager fails

  Hi,
  We are using Oracle Application Server 10g Release 2. When I try to import a certificate issued by a certificate authority, (using Operations > Import User Certificate), the wallet returns the following error:
  User certificate installation failed.
  Possible errors:
  - Input was not a valid certificate
  - No matching certificate request was found
  - CA certificate needed for certificate chain not found. Please install it first
  The certificate is obtained after raising a Certificate Request from the wallet manager.But I am not sure whether we have saved the wallet after raising the certificate request.
  Now I have the certificate issued by the CA. Is there any way that I can import this certificate.? what is the possible solution?
  Thanks & Regards,
  Rafeek.

  Did you import CA certificate as a trusted certificate before importing the user certificate. If not, import CA cert first. To make sure you have saved the certificate request, please open the wallet and see if it exists. Hope this helps.
  Rgds,Ramesh

• Using a SHA2 certificate with 12.1.1 (Oracle Wallet Manager 10.1.0.5)

  Hi folks,
  I'm trying to enable SSL on my 12.1.1 system, but I've got a bit of a problem.
  I've already logged a SR on this, so I already know that you cannot use SHA2 SSL certificates with Oracle Wallet Manager 10.1.0.5, which is part of the 10.1.3 tech stack. I started the SR on the EBS side, but it was passed on to the security group, and closed there. My question is, is there something that I don't know? Is there an upgrade path in 12.1.x that would include an upgrade to the OWM, or is there some sort of workaround? I'll be opening another SR tomorrow, but wanted to see if I was missing something simple.
  We have an internal certificate server (Microsoft AD), and the root certificate, which I need to import, is SHA2. I'm being told that they cannot generate a SHA1 root certificate, and would have to stand up another certificate authority. OWM 10.1.0.5 can't handle SHA2, so I'm stuck.
  Anybody been there done that?
  Thanks very much,
  -Adam vonNieda

  I'm trying to enable SSL on my 12.1.1 system, but I've got a bit of a problem. What kind of problems?
  I've already logged a SR on this, so I already know that you cannot use SHA2 SSL certificates with Oracle Wallet Manager 10.1.0.5, which is part of the 10.1.3 tech stack. I started the SR on the EBS side, but it was passed on to the security group, and closed there. My question is, is there something that I don't know? Is there an upgrade path in 12.1.x that would include an upgrade to the OWM, or is there some sort of workaround? I'll be opening another SR tomorrow, but wanted to see if I was missing something simple.
  We have an internal certificate server (Microsoft AD), and the root certificate, which I need to import, is SHA2. I'm being told that they cannot generate a SHA1 root certificate, and would have to stand up another certificate authority. OWM 10.1.0.5 can't handle SHA2, so I'm stuck. I am not sure if SHA2 is certified with EBS R12 so you might need to ask this question to Oracle Support. According to the following docs, SHA1 can be used with no issues.
  Enabling SSL in Oracle E-Business Suite Release 12 [ID 376700.1]     To BottomTo Bottom     
  SSL Primer: Enabling SSL in Oracle E-Business Suite Release 12 (Trial Certificate Example) [ID 1425103.1]
  Thanks,
  Hussein

• Unable to import the user certificate into the Oracle Wallet Manager

  Hi,
  I am configuring the External Authentication plugin using the password filters.
  i am using the version 10.1.0.5.0 version of Oracle Wallet manager
  inorder to do that i am enabling the SSL mode.
  to enable the SSL mode i followed the some steps in OWM and OCA admin and user console.
  when i approved a certificate as admin and importing to the Oracle Wallet Manager, i got an error that
  User Certificate Installation failed.
  Possible errors:
  - Input was not a valid certificate
  - No matching certificate request found
  - CA certificate needed for certificate chain not found.
  Please install it first
  can anyone help me how to resolve this problem.

  hi,
  thanks for your reply pramod
  I tried to import the two certificate files(rootca.crt and server.crt). but i am got the same error.
  what may be the problem.

• Some trusted certificate could not be installed , oracle wallet manager

  Hi there,
  I am using Oracle Wallet Manager 10.2.0.1
  Oracle DB 10.2
  when I try to import a certificate I have exported from the browser, I have such error,
  that certificate is not something globally known, but it is for local communication,
  as I understood that when I specify to import trusted certificate, that does not matter , does it?
  please that I have successfully imported another "known" certificate exported with the same way,
  what can the reason of such an error,
  thanks in advance
  rgrds

  The problem was in the certificate itself.
  Regards.

• Oracle Wallet Manager won't allow me to create a certificate request

  Hello,
  I am trying to setup my installation with SSL, I am trying to create a certificate request on Oracle Wallet Manager and I keep getting this error:
  "Could not create certificate request. Please check user information"
  I am entering the following information:
  Common Name: portal.grupoalsea.com.mx
  Organizational Unit: Desarrollo
  Organization: Sistema Integral de Administracion, S.A. de C.V.
  Locality/City: Distrito Federal
  State/Province: Mexico
  Country: Mexico
  Key Size: 1024 bits
  Why could this be happening? Does Oracle Wallet Manager go and look for my info some place? Common Name is the name for my site on WebCache, which is in turn mapped to the HTTP Server called Mservicio.localdomain.
  At this point, I have also tried setting the Common Name to other values, like the name of my HTTP Server, the name of my HTTP server without the "localdomain", but I still get the same message.
  Any help will be really appreciated!!!!

  Problem was due to a bug that won't allow to enter commas in Organization Name. All we needed to do is remove the comma from the Organization name and the certificate was correctly created.

• Oracle Wallet Manager hang when import a trusted cert

  i'm facing problem when import 1 of my client's cert.
  it hang and not responsive when i try to import it.
  the oracle wallet manager version is 10.1.0.4.2
  my client's cert is 512bit self signed
  Message was edited by:
  kinwah.lai

  Hi,
  To use it, you need to convert the cert into binary format. Then it is simply dumpasn1 bincert.cer. This dumpasn1 output is obtained from your cert:
  0 30 524: SEQUENCE {
  4 30 438: SEQUENCE {
  8 A0 3: [0] {
  10 02 1: INTEGER 2
  13 02 17: INTEGER
  : 00 C4 CE 12 F5 0D A9 0A 4C C1 56 80 3F B0 01 7C
  : 99
  32 30 13: SEQUENCE {
  34 06 9: OBJECT IDENTIFIER
  : sha1withRSAEncryption (1 2 840 113549 1 1 5)
  45 05 0: NULL
  47 30 126: SEQUENCE {
  49 31 11: SET {
  51 30 9: SEQUENCE {
  53 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
  58 13 2: PrintableString 'MY'
  62 31 17: SET {
  64 30 15: SEQUENCE {
  66 06 3: OBJECT IDENTIFIER localityName (2 5 4 7)
  71 13 8: PrintableString 'Malaysia'
  81 31 35: SET {
  83 30 33: SEQUENCE {
  85 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
  90 13 26: PrintableString 'Carrefour.net V22 Malaysia'
  118 31 55: SET {
  120 30 53: SEQUENCE {
  122 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
  127 1E 46: BMPString
  : '[email protected]'
  175 30 30: SEQUENCE {
  177 17 13: UTCTime '070309053122Z'
  192 17 13: UTCTime '090309053122Z'
  207 30 126: SEQUENCE {
  209 31 11: SET {
  211 30 9: SEQUENCE {
  213 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
  218 13 2: PrintableString 'MY'
  222 31 17: SET {
  224 30 15: SEQUENCE {
  226 06 3: OBJECT IDENTIFIER localityName (2 5 4 7)
  231 13 8: PrintableString 'Malaysia'
  241 31 35: SET {
  243 30 33: SEQUENCE {
  245 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
  250 13 26: PrintableString 'Carrefour.net V22 Malaysia'
  278 31 55: SET {
  280 30 53: SEQUENCE {
  282 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
  287 1E 46: BMPString
  : '[email protected]'
  335 30 92: SEQUENCE {
  337 30 13: SEQUENCE {
  339 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
  350 05 0: NULL
  352 03 75: BIT STRING 0 unused bits, encapsulates {
  355 30 72: SEQUENCE {
  357 02 65: INTEGER
  : 00 86 75 E6 DA C8 18 CB 77 44 C5 E9 48 F7 45 41
  : 85 52 8E 70 E7 D1 D0 C5 7E 48 5D BC AB 9E C9 99
  : CC 70 FC 18 F2 E4 12 78 38 7D CA 06 3C 18 64 E6
  : FD 6B 3A CD 00 02 2B A0 67 CB F0 86 1C 13 0F 43
  : D1
  424 02 3: INTEGER 65537
  429 A3 15: [3] {
  431 30 13: SEQUENCE {
  433 30 11: SEQUENCE {
  435 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
  440 04 4: OCTET STRING, encapsulates {
  442 03 2: BIT STRING 0 unused bits
  : '00000101'B
  : Error: Spurious zero bits in bitstring.
  446 30 13: SEQUENCE {
  448 06 9: OBJECT IDENTIFIER
  : sha1withRSAEncryption (1 2 840 113549 1 1 5)
  459 05 0: NULL
  461 03 65: BIT STRING 0 unused bits
  : 51 13 3B 3C 7A EA 9A 97 30 FA F1 2E E5 A4 CD 77
  : D6 02 6D BF 1B 4D E3 F3 5F 93 3F D7 96 0E 40 69
  : 8A 29 B4 B1 B5 C0 79 B8 4C 6E 96 C6 15 26 61 F7
  : 4E D5 27 9C 71 B6 5D 92 E6 3B 71 6E 76 02 E1 97
  0 warnings, 1 error.
  As you can see, there is an error: Error: Spurious zero bits in bitstring. For this particular instance, OWM cannot import this cert properly. Please ask your tp to provide a self signed cert that complies with the ASN1 standard.
  Eng

• Problem in customizing Oracle Access Manager 10g

  HI,
  I am facing some problem while incorporating customizations into Oracle Access Manager 10g.
  When trying to access the url with a particular style name.... i am getting the following error :
  obhtmlpage.cpp:160: Error:
  obhtmlpage.cpp:277: Error: ExXSLTProcessingGeneric: Exception processing stylesheet. Root stylesheet ID: ../../../lang/en-us/style0/login.xsl
  obxdkxsl.cpp:224: Error: ObXDKTransform
  obxdkcache.cpp:528: Error:
  obxdkcache.cpp:565: Error:
  ../obcacheof.cpp:429: Error:
  ../obcacheof.cpp:795: Error:
  ../obcacheof.cpp:932: Error:
  obxdkcache.cpp:291: Error: ObXdkObject::ObXdkObject
  Front Page Admin
  Sun Microsystems Solaris
  Could someone please provide some help as to how to solve the problem.
  Thanks.

  One good way to debug the XSL stylesheet issue is to apply the XSL outside of OAM with input XML and see if you get the results. You can use tools such as XML SPy for XSL development and testing.
  This error is more in line with XSL syntax and processing.
  Thanks
  Ram

• Oracle wallet manager and how can I import a .cer f

  Hi where can I download oracle wallet manager and how can I import a .cer file to a wallet file .p12 that OAS uses in Apache configuration.

  Hi where can I download oracle wallet manager and how can I import a .cer file to a wallet file .p12 that OAS uses in Apache configuration.

• How to load the ssl certificate to oracle wallet

  I have oracle 10.2.0.3 on Unix.
  I have a oracle wallet created. I need to load ssl certificate to the oracle wallet. I have CA certificate and server related certificate. In owm interface, there is Certificate:(Empty) and Trusted Certificates. Does anybody know where my certificate should go, Certification:(Empty) or Tryusted Certificates? By the way my certificate is from Verisign.
  Thanks a lot!

  Hi
  Thanks. I have added my LDAP certificate to Oracle wallet.
  Now my doubt is :
  Before adding this cert to my wallet , i have tried to connect my application through SSL , am able to connect it.
  I have used DBMS_LDAP.open_SSL function for conencting.
  Before adding the new cert my wallet conatins :
  ewallet.p12
  cwallet.sso
  GeoTrust.cer
  Equifaxb64.cer
  After adding the new cert also i am able to conenct through ssl my concern is , how we can figure out whether the ldap package checking my cert or not?
  How DBMS_LDAP.open_SSL works?
  Could anyone help me out to solve the issue?
  Thanks,
  San

• Certificate Request - Oracle Wallet

  Hi,
  I need a help from yours, please try to help me to solve a problem.
  I have a token certified for my company and i need to use this certified to comunicate to a Brazilian Federal, but i didin't have an idea how to this, and after read i saw that exists the Oracle Manager and Net assitant to do SSL connections, but i don't know how to use the Oracle wallet right(if its really necessary).
  I think that i have my certified, i need to do what? Create a waalet and sign with my token?
  I am using Oracle Database 10g realease 2!
  Please Help me.

  Problem was due to a bug that won't allow to enter commas in Organization Name. All we needed to do is remove the comma from the Organization name and the certificate was correctly created.

• Problem in importing data from shape file to Oracle Spatial

  The following error is being displayed
  symbol : constructor ShapefileReaderJGeom(java.lang.String)
  location: class oracle.spatial.util.ShapefileReaderJGeom
  Though i have downloaded latest Spatial Java class library (sdo_java_040319.zip) file and properly set sdoapi.jar and sdoutl.jar in the classpath.
  How can i get rid of this problem. Is it because i am still using old spatial java library for some other programs.

  Hi,
  Did you follow the instructions in the readme? Are you using Oracle10g?
  Thanks,
  Dan

• How to import Verisign Intermediate certificate (char 2) with Oracle Wallet 10.1.0.5

  Hi,
      Recently I renewed a Verisign Certificate using Oracle Wallet 10.1.0.5 but could not apply one of the intermediate certificates (char2 encryption?).  The error message is : "Some trusted certificates could not be installed:. Does anyone have a solution to this problem?  A technician at Verisign told me that I need to contact Oracle for a patch.  Is there such a patch for Oracle Wallet version 10.1.05?
      Please help and thanks!
  Jim.

  Hi Jim,
  Which certificate did you get renewed ? root certificate or a user certificate and is it using the same CSR or did you request it via a new CSR (certificate signing request)
  Looks like the certificate chain is breaking when you are trying to import the intermediate certificate. The certs has to be imported in a order (root , intermediate and then user)
  Below doc can help you to some extent:
  How to Replace an Expired or Expiring Certificate in Wallet Manager in Oracle AS 10g and FMW 11g (Doc ID 303299.1)
  Thanks,
  Sharmela

• Install SSL certificate for Oracle HTTP server

  I received a PFX file that contains an SSL wildcard certificate for our company *.xyz.com.
  I used this tool "xca" to extract two files: "server.crt" and "serverkey.pem".
  I want to install this on the oracle 11g HTTP server (OHS) installed as standalone based on apache 2.2
  With oracle, i have to create a wallet and point the SSL.CONF wallet directive to use that wallet.
  I used Oracle Wallet Manager to create it and import the certificate but this is where i am having a problems.
  First I could not restart the web server but the it worked but I got SSL handshake errors (Shown below).
  According to oracle steps, I have to create a CSR and then import the certificate into the wallet
  http://www.apache.com/resources/how-to-setup-an-ssl-certificate-on-apache/
  However, when I tried to use Oracle Wallet Manager, there were two options: import server certificate and trusted certificate.
  The import server certificate was greyed out. I had to create a CSR just to get it enabled but I did not use the CSR, i just imported the "server.crt" file.
  I also tried to import the "serverkey.pem" into the trused certificate option but was rejected (invalid certificate).
  Do you know how to create a successful wallet based on the files i have and not creating a CSR since i already have a certificate file?
  2013-05-04T20:11:40.2718-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1253263680] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.2719-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1253263680] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error
  [2013-05-04T20:11:40.4774-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] unusably short session_id provided (0 bytes)
  [2013-05-04T20:11:40.4776-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.4776-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error
  [2013-05-04T20:11:40.6814-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] unusably short session_id provided (0 bytes)
  [2013-05-04T20:11:40.6816-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.6816-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error

  I do not have weblogic installed. I only have standalone 11g HTTP server with mod_plsql.
  If i can get OWM working to create a successful certificate them the problem would be resolved.
  I am just not sure what is Root Certificate and Trustworthy Certificate and how to get that from the files i have.