Show pageOld revisionsBacklinksODT exportBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. To create Wallet and Self Signed Certificates for Orale use the following script: <Code:bash|Script Source> #!/usr/bin/env bash if [ $# -eq 0 ] then echo "Script expects MA password as the first parameter." exit 1 fi if [ -z "$1" ] then echo "Script expects MA password as the first parameter." exit 1 fi honame=`hostname -f` node=${honame%%.*} mkdir ~/wallet_dir orapki wallet create -wallet ~/wallet_dir/root_ca -auto_login -pwd $1 orapki wallet add -wallet ~/wallet_dir/root_ca -dn "CN=RootCA" -keysize 2048 -self_signed -validity 7300 -pwd $1 orapki wallet export -wallet ~/wallet_dir/root_ca -dn "CN=RootCA" -cert ~/wallet_dir/rootCA_Cert.pem -pwd $1 orapki wallet create -wallet ~/wallet_dir/${node} -auto_login -pwd $1 orapki wallet add -wallet ~/wallet_dir/${node} -dn "CN=${honame}" -keysize 2048 -pwd $1 orapki wallet export -wallet ~/wallet_dir/${node} -dn "CN=${honame}" -request ~/wallet_dir/${node}_req.pem -pwd $1 orapki cert create -wallet ~/wallet_dir/root_ca -request ~/wallet_dir/${node}_req.pem -cert ~/wallet_dir/${node}_Cert.pem -serial_num 20 -validity 365 -pwd $1 orapki wallet add -wallet ~/wallet_dir/${node} -trusted_cert -cert ~/wallet_dir/rootCA_Cert.pem -pwd $1 orapki wallet add -wallet ~/wallet_dir/${node} -user_cert -cert ~/wallet_dir/${node}_Cert.pem -pwd $1 orapki wallet create -wallet ~/wallet_dir/dist_client -auto_login -pwd $1 orapki wallet add -wallet ~/wallet_dir/dist_client -dn "CN=${honame}" -keysize 2048 -pwd $1 orapki wallet export -wallet ~/wallet_dir/dist_client -dn "CN=${honame}" -request ~/wallet_dir/dist_client_req.pem -pwd $1 orapki cert create -wallet ~/wallet_dir/root_ca -request ~/wallet_dir/dist_client_req.pem -cert ~/wallet_dir/dist_client_Cert.pem -serial_num 30 -validity 365 -pwd $1 orapki wallet add -wallet ~/wallet_dir/dist_client -trusted_cert -cert ~/wallet_dir/rootCA_Cert.pem -pwd $1 orapki wallet add -wallet ~/wallet_dir/dist_client -user_cert -cert ~/wallet_dir/dist_client_Cert.pem -pwd $1 </Code> ===Usage=== <Code:bash|USage> [oracle@edvmr1p0 les11]$ ./create_certs.sh Password123# mkdir: cannot create directory `/home/oracle/wallet_dir': File exists Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. Operation is successfully completed. Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. Operation is successfully completed. Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. Operation is successfully completed. Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. PKI-02003: Unable to load the wallet at: /home/oracle/wallet_dir/edvmr1p0 Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. PKI-02003: Unable to load the wallet at: /home/oracle/wallet_dir/edvmr1p0 Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. Found Auto Login (AL) wallet. Option -pwd is not recognized and ignored. Please check DN, could not found certificate request with matching DN. Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. Unable to read certificate request at /home/oracle/wallet_dir/edvmr1p0_req.pem Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. PKI-02003: Unable to load the wallet at: /home/oracle/wallet_dir/edvmr1p0 Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. PKI-02003: Unable to load the wallet at: /home/oracle/wallet_dir/edvmr1p0 Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. Operation is successfully completed. Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. Operation is successfully completed. Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. Operation is successfully completed. Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. Operation is successfully completed. Oracle PKI Tool : Version 12.2.0.1.0 Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. Operation is successfully completed. [oracle@edvmr1p0 les11] [oracle@edvmr1p0 ~]$ cd ~/wallet_dir/ [oracle@edvmr1p0 wallet_dir]$ ls -alrt total 32 drwx------ 2 oracle oinstall 4096 Oct 30 12:31 root_ca -rw------- 1 oracle oinstall 0 Oct 30 12:34 edvmr1p0.lck drwx------ 2 oracle oinstall 4096 Oct 30 12:36 edvmr1p0 drwx------. 33 oracle oinstall 4096 Oct 30 12:41 .. -rw------- 1 oracle oinstall 976 Oct 30 12:41 rootCA_Cert.pem drwx------ 2 oracle oinstall 4096 Oct 30 12:41 dist_client -rw------- 1 oracle oinstall 914 Oct 30 12:42 dist_client_req.pem -rw------- 1 oracle oinstall 980 Oct 30 12:42 dist_client_Cert.pem drwxr-xr-x 5 oracle oinstall 4096 Oct 30 12:42 . [oracle@edvmr1p0 wallet_dir]$ cd ~/labs/lab/les11/ [oracle@edvmr1p0 les11]$ ls -alrt total 16 -rwxr-xr-x 1 oracle oinstall 1904 Feb 11 2018 create_certs.sh -rwxr-xr-x 1 oracle oinstall 962 Feb 11 2018 reset.sh drwxr-xr-x 2 oracle oinstall 4096 Feb 11 2018 . drwxr-xr-x 15 oracle oinstall 4096 Apr 5 2018 .. [oracle@edvmr1p0 les11]$ </Code> oracle_create_wallet_certificates.txt Last modified: 2020/10/30 12:46by andonovj