oracle_create_wallet_certificates

To create Wallet and Self Signed Certificates for Orale use the following script:

Script Source 

#!/usr/bin/env bash

if [ $# -eq 0 ]
  then
    echo "Script expects MA password as the first parameter."
    exit 1
fi
if [ -z "$1" ]
  then
    echo "Script expects MA password as the first parameter."
    exit 1
fi
honame=`hostname -f`
node=${honame%%.*}

mkdir ~/wallet_dir

orapki wallet create -wallet ~/wallet_dir/root_ca -auto_login -pwd $1
orapki wallet add -wallet ~/wallet_dir/root_ca -dn "CN=RootCA" -keysize 2048 -self_signed -validity 7300 -pwd $1
orapki wallet export -wallet ~/wallet_dir/root_ca -dn "CN=RootCA" -cert ~/wallet_dir/rootCA_Cert.pem -pwd $1
orapki wallet create -wallet ~/wallet_dir/${node} -auto_login -pwd $1
orapki wallet add -wallet ~/wallet_dir/${node} -dn "CN=${honame}" -keysize 2048 -pwd $1
orapki wallet export -wallet ~/wallet_dir/${node} -dn "CN=${honame}" -request  ~/wallet_dir/${node}_req.pem -pwd $1
orapki cert create -wallet ~/wallet_dir/root_ca -request ~/wallet_dir/${node}_req.pem  -cert  ~/wallet_dir/${node}_Cert.pem -serial_num 20 -validity 365 -pwd $1

orapki wallet add -wallet ~/wallet_dir/${node} -trusted_cert -cert ~/wallet_dir/rootCA_Cert.pem -pwd $1
orapki wallet add -wallet ~/wallet_dir/${node} -user_cert -cert ~/wallet_dir/${node}_Cert.pem -pwd $1
orapki wallet create -wallet ~/wallet_dir/dist_client -auto_login -pwd $1
orapki wallet add -wallet ~/wallet_dir/dist_client -dn "CN=${honame}" -keysize 2048 -pwd $1
orapki wallet export -wallet ~/wallet_dir/dist_client -dn "CN=${honame}" -request ~/wallet_dir/dist_client_req.pem -pwd $1
orapki cert create -wallet ~/wallet_dir/root_ca -request ~/wallet_dir/dist_client_req.pem  -cert  ~/wallet_dir/dist_client_Cert.pem -serial_num 30 -validity 365 -pwd $1

orapki wallet add -wallet ~/wallet_dir/dist_client -trusted_cert -cert ~/wallet_dir/rootCA_Cert.pem -pwd $1
orapki wallet add -wallet ~/wallet_dir/dist_client -user_cert -cert ~/wallet_dir/dist_client_Cert.pem -pwd $1

Usage

USage 

[oracle@edvmr1p0 les11]$ ./create_certs.sh Password123#
mkdir: cannot create directory `/home/oracle/wallet_dir': File exists
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

PKI-02003: Unable to load the wallet at: /home/oracle/wallet_dir/edvmr1p0
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

PKI-02003: Unable to load the wallet at: /home/oracle/wallet_dir/edvmr1p0
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Found Auto Login (AL) wallet.
Option -pwd is not recognized and ignored.
Please check DN, could not found certificate request with matching DN.
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Unable to read certificate request at /home/oracle/wallet_dir/edvmr1p0_req.pem
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

PKI-02003: Unable to load the wallet at: /home/oracle/wallet_dir/edvmr1p0
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

PKI-02003: Unable to load the wallet at: /home/oracle/wallet_dir/edvmr1p0
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.
[oracle@edvmr1p0 les11]



[oracle@edvmr1p0 ~]$ cd ~/wallet_dir/
[oracle@edvmr1p0 wallet_dir]$ ls -alrt
total 32
drwx------   2 oracle oinstall 4096 Oct 30 12:31 root_ca
-rw-------   1 oracle oinstall    0 Oct 30 12:34 edvmr1p0.lck
drwx------   2 oracle oinstall 4096 Oct 30 12:36 edvmr1p0
drwx------. 33 oracle oinstall 4096 Oct 30 12:41 ..
-rw-------   1 oracle oinstall  976 Oct 30 12:41 rootCA_Cert.pem
drwx------   2 oracle oinstall 4096 Oct 30 12:41 dist_client
-rw-------   1 oracle oinstall  914 Oct 30 12:42 dist_client_req.pem
-rw-------   1 oracle oinstall  980 Oct 30 12:42 dist_client_Cert.pem
drwxr-xr-x   5 oracle oinstall 4096 Oct 30 12:42 .
[oracle@edvmr1p0 wallet_dir]$ cd ~/labs/lab/les11/
[oracle@edvmr1p0 les11]$ ls -alrt
total 16
-rwxr-xr-x  1 oracle oinstall 1904 Feb 11  2018 create_certs.sh
-rwxr-xr-x  1 oracle oinstall  962 Feb 11  2018 reset.sh
drwxr-xr-x  2 oracle oinstall 4096 Feb 11  2018 .
drwxr-xr-x 15 oracle oinstall 4096 Apr  5  2018 ..
[oracle@edvmr1p0 les11]$
  • oracle_create_wallet_certificates.txt
  • Last modified: 2020/10/30 12:46
  • by andonovj