This article provides a step-by-step guide on how to create and manage SSL/TLS wallets using Orapki to secure your Oracle HTTP Server. The article explains what an SSL/TLS wallet is and how it is used with Oracle HTTP Server to establish secure connections over HTTPS.

Follow the instructions to configure OHS with SSL and a wallet file, including converting a JKS keystore file to a PKCS12 wallet and editing the ssl.conf file.

What is A “Wallet” for Oracle HTTP Server with orapki?

A “Wallet” for Oracle HTTP Server with orapki refers to a file that contains the digital certificates and private keys needed to establish secure connections using SSL/TLS. Oracle HTTP Server is a web server component of Oracle Fusion Middleware that supports HTTPS, and orapki is a command-line utility that can be used to manage SSL/TLS certificates and keys.

To use SSL/TLS with Oracle HTTP Server, you typically need to create a wallet using the orapki command-line utility. The wallet is a file that contains the SSL/TLS certificates and private keys, as well as any trusted CA certificates needed to validate remote server certificates.

You can use orapki to create a new wallet, add certificates and private keys to an existing wallet, and manage the wallet’s contents. Once you have created a wallet, you can configure Oracle HTTP Server to use it to establish secure connections over HTTPS.

Read also: Get Started with RMAN: A Comprehensive Beginner’s Guide to Oracle’s Backup and Recovery Tool

Create a Wallet for Oracle HTTP Server with orapki

Configure OHS with SSL and a wallet file

To configure OHS with SSL and a wallet file, follow these steps:

1.Begin by creating the necessary wallet files and directory using:

$ORACLE_HOME/oracle_common/bin/orapki wallet create -wallet $DOMAIN_HOME/walletname -pwd password -auto_login

2. Next, you will need to convert the JKS keystore file to a PKCS12 wallet using Orapki. You can refer to our guide on configuring a JKS Keystore for detailed instructions.

$ORACLE_HOME/oracle_common/bin/orapki wallet jks_to_pkcs12 -wallet $DOMAIN_HOME/walletname -pwd password -keystore $DOMAIN_HOME/keystorename.jks -jkspwd passwordforjks

3. Now, you must include this file in the OHS ssl.conf configuration file. To do so, simply edit the file via the web console at http://ohsserver:7001/em.

OHS Advanced Configuration

Begin by clicking on the “Advanced Configuration” option for OHS.

Edit the ssl.conf file

Next, proceed to edit the ssl.conf file:

Finally, restart all services and verify the OHS log for any errors.

Read also: Prevent Expired Passwords and Fix ORA-28001 Error with These Expert Strategies

Categories: DatabasesBlog

James R. Kinley - It Admin

James R. Kindly

My Name is James R. Kindly i am the founder and primary author of Storaclix, a website dedicated to providing valuable resources and insights on Linux administration, Oracle administration, and Storage. With over 20 years of experience as a Linux and Oracle database administrator, i have accumulated extensive knowledge and expertise in managing complex IT infrastructures and databases.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Save 30% on Apple AirPods Pro

Get the coolest AirPods ever released for:  $179,99  instead $249

  • Active Noise Cancellation blocks outside noise
  • Transparency mode for hearing and interacting with the world around you
  • Spatial audio with dynamic head tracking places sound all around you