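Oracle gebruikt de Oracle Wallet om certificaten in op te slaan.
Hier een aantal methodes om daarmee om te gaan. In de voorbeelden is "geheim" een plaatshouder voor het walletwachtwoord; een wachtwoord dat met -pwd op de commandoregel staat, belandt in de shell-history en is zichtbaar in de proceslijst. Laat -pwd buiten een testomgeving weg, dan vraagt orapki zelf om het wachtwoord.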
– Oracle Wallet aanmaken
$ORACLE_HOME/oracle_common/bin/orapki wallet create -wallet ./ -pwd "geheim"
– Importeer een Java keystore in een Oracle Wallet
$ORACLE_HOME/oracle_common/bin/orapki wallet jks_to_pkcs12 -wallet ./ -pwd "geheim" \
-keystore KEYSTORE.jks -jkspwd "geheim"
– Importeer een P12 keystore in een Oracle Wallet
$ORACLE_HOME/oracle_common/bin/orapki wallet import_pkcs12 -wallet ./ -pwd "geheim" \
-pkcs12file P12.jks -pkcs12pwd "geheim"
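– Importeer een PEM-certificaat als vertrouwd certificaat in een Oracle Wallet (controleer eerst de herkomst van het certificaat: door -trusted_cert wordt het onderdeel van de vertrouwde set van de wallet)
$ORACLE_HOME/oracle_common/bin/orapki wallet add -wallet ./ -trusted_cert -cert ./CERTIFICATE.pem -pwd "geheim"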
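– Maak auto-login mogelijk van de Oracle Wallet (dit maakt een cwallet.sso aan waarmee de wallet zonder wachtwoord te openen is; beperk daarom de bestandsrechten op de walletmap, of gebruik -auto_login_local om de wallet aan deze host en gebruiker te binden)
$ORACLE_HOME/oracle_common/bin/orapki wallet create -wallet ./ -auto_login -pwd "geheim"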
– Toon wat er in de Oracle Wallet zit
$ORACLE_HOME/oracle_common/bin/orapki wallet display -wallet ./ -pwd "geheim"
– Helppagina Oracle Wallet
$ORACLE_HOME/oracle_common/bin/orapki help
Oracle PKI Tool : Version 12.2.1.3.0
Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved.
orapki [crl|wallet|cert|help] <-nologo> <-jsafe>
Syntax :
[-option [value]] : mandatory, for example [-wallet [wallet]]
[-option <value>] : optional, but when option is used its value is mandatory.
<option> : optional, for example <-summary>, <-complete>
[option1] | [option2] : option1 ‘or’ option2
$ORACLE_HOME/oracle_common/bin/orapki wallet help
Oracle PKI Tool : Version 12.2.1.3.0
Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved.
wallet:
create [-wallet [wallet]] [[-pwd <pwd>] [-auto_login|-auto_login_local]] | [-auto_login_only] [-with_trust_flags] [-compat_v12]
display [-wallet [wallet]] <-summary|-complete> [-pwd <pwd>]
convert [-wallet [wallet]] [-pwd <pwd>] | [-auto_login_only] [-compat_v12]
change_pwd [-wallet [wallet]] [-oldpwd <oldpwd>] [-newpwd <newpwd>]
enable_trust_flags [-wallet [wallet]] [-pwd <pwd>] | [-auto_login_only] <-untrust_all>
add [-wallet [wallet]] <[-dn [dn]]> <-asym_alg [RSA|ECC]> <[-keysize [512|1024|2048|4096|8192|16384]] |
[-eccurve [p192|p224|p256|p384|p521|k163|k233|k283|k409|k571|b163|b233|b283|b409|b571]]>
<-self_signed [-validity [days]] | [-valid_from [mm/dd/yyyy] -valid_until [mm/dd/yyyy]]
[-serial_file <file_loc>] | [-serial_num <serial_num>]> <-addext_ski>
<-addext_ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly>
<-addext_basic_cons [CA] | [-pathLen [pathlen]]]>
<-addext_san [DNS:<value>]>
<[-cert [filename]] [-trusted_cert|-user_cert]> [-pwd <pwd>] | [-auto_login_only]
[-sign_alg <md5|sha1|sha256|sha384|sha512|ecdsasha1|ecdsasha256|ecdsasha384|ecdsasha512>]
<-trust_flags [SERVER_AUTH,CLIENT_AUTH|VALID_PEER|NULL]>
assign_trust_flags [-wallet [wallet]] [-pwd <pwd>] [-trust_flags [SERVER_AUTH,CLIENT_AUTH|VALID_PEER|NULL]]
[-dn [cert_dn]] <-issuer [issuer_dn]> <-serial_num [serial_num]>
remove [-wallet [wallet]] [-dn [subject_dn]] [-issuer_dn [issuer_dn]] [-serial_num <serial_num>]
[-trusted_cert_all|-trusted_cert|-user_cert|-cert_req] [-pwd <pwd>] | [-auto_login_only]
replace [-wallet [wallet]] [-issuer_dn <issuer_dn>] [-serial_num <serial_num>] [-cert [filename]]
[-trusted_cert|-user_cert]> <-trust_flags [SERVER_AUTH,CLIENT_AUTH|VALID_PEER|NULL]> [-pwd <pwd>]
export [-wallet [wallet]] [-dn [dn]] [-cert [filename] | -request [filename]] [-pwd <pwd>]
<-issuer_dn [issuer_dn]> <-serial_num [serial_num]>
export_trust_chain [-wallet [wallet]] [-certchain [filename]] [-dn [user_cert_dn]] [-pwd <pwd>]
<-issuer_dn [issuer_dn]> <-serial_num [serial_num]>
export_private_key [-wallet [wallet]] [-pwd <pwd>] [-pvtkeyfile [filename]] [-alias [pvtkey_alias]] [-pvtkeypwd <pwd>] [-salt salt]
import_private_key [-wallet [wallet]] [-pwd <pwd>] [-alias [pvtkey_alias]] [-pvtkeyfile [filename]] [-pvtkeypwd <pwd>] [-salt salt] [-cert [certfilename]] [-cacert [cacertfilename]]
upload [-wallet [wallet]] [-ldap [host:port]] [-user [user]] [-userpwd [userpwd]] [-pwd <pwd>]
download [-wallet [wallet]] [-ldap [host:nonsslport]] [-user [user]] [-userpwd [userpwd]] [-pwd <pwd>]
jks_to_pkcs12 [-wallet [wallet]] [-pwd <pwd>] [-keystore [keystore]] [-jkspwd [jkspwd]]
<-aliases [alias:alias..]>
pkcs12_to_jks [-wallet [wallet]] [-pwd <pwd>] [-jksKeyStoreLoc <jksKSloc> -jksKeyStorepwd <jksKS_pwd>]
[-jksTrustStoreLoc <loc> -jksTrustStorepwd <pwd>]
p11_add [-wallet [wallet]] [-p11_lib <pkcs11Lib>] [-p11_tokenlabel <tokenLabel>]
[-p11_tokenpw <tokenPassphrase>] [-p11_certlabel <certlabel>] [-pwd <pwd>]
p11_verify [-wallet [wallet]] [-pwd <pwd>]
import_pkcs12 [-wallet <wallet>] [[-pwd <pwd>] | [-auto_login_only]] [-pkcs12file <pkcs12Loc>] [-pkcs12pwd <pkcs12Pwd>]
help