Third-party certificates are those created from certificate requests that were not generated using Oracle Wallet Manager. These third-party certificates are actually wallets, in the Oracle sense, because they contain more than just the user certificate; they also contain the private key for that certificate. Furthermore, they include the chain of trusted certificates validating that the certificate was created by a trustworthy entity.
Oracle Wallet Manager makes these wallets available in a single step by importing them in PKCS#12 format, which includes all three elements described earlier: the user certificate, the private key, and the trusted certificates. It supports the following PKCS #12-format certificates:
Oracle Wallet Manager adheres to the PKCS#12 standard, so certificates exported by any PKCS#12-compliant tool should be usable with Oracle Wallet Manager.
Such third-party certificates cannot be stored into existing Oracle wallets because they would lack the private key and chain of trusted authorities. Therefore, each such certificate is exported and retrieved instead as an independent PKCS#12 file, that is, as its own wallet.
Once a third party generates the wallet, you need to import it to make use of it, as described in this section.
To import a certificate created with a third-party tool:
Follow the procedures for your particular product to export the certificate.
Perform the actions indicated in the exporting product to include the private key in the export, and specify the new password to protect the exported certificate. Also include all associated trust points. (Under PKCS #12, browsers do not necessarily export trusted certificates, other than the signer's own certificate. You may need to add additional certificates to authenticate to your peers. You can use Oracle Wallet Manager to import trusted certificates.)
The resulting file, containing the certificate, the private key, and the trust points, is the new wallet that enables the third-party certificate to be used.
Place the wallet where it will be easily found, by copying it to the correct system and directory.
To be used by particular applications or servers, such as a web server or an LDAP server, wallets must be located precisely. Each application has its own expectations as to which directory it will search to find the needed wallet.
For use with UNIX or Windows applications or servers, ensure that the wallet is named ewallet.p12
.
For other operating systems, refer to the Oracle documentation for that specific operating system.
Once a third-party certificate is stored as ewallet.p12
, you can open and manage it using Oracle Wallet Manager. You will have to supply the password you created when exporting this wallet.
Note:
The password will be required whenever the associated application starts up or otherwise needs the certificate. To make such access automatic, refer to "Using Auto Login for Oracle Wallets to Enable Access Without Human Intervention".
However, if the private key for the desired certificate is held in a separate hardware security module, you will not be able to import that certificate.