notes/tmp/openssl_orapki_01.txt

# How to Create a New Wallet from an Existing Private Key and Certificates using OpenSSL and orapki (Doc ID 2769138.1)
# Bundle the server certificate (-in), its private key (-inkey) and the root CA
# (-certfile) into a single PKCS#12 file (-out).
# No -passout is given, so openssl prompts for the export password interactively.
# The resulting .p12 contains the private key: restrict its file permissions and
# remove it from the staging area once the wallet import has been verified.
openssl pkcs12 -export \
-in /app/oracle/staging_area/TLS_poc/openssl_files/togoria.swgalaxy.crt \
-inkey /app/oracle/staging_area/TLS_poc/openssl_files/togoria.swgalaxy.key \
-certfile /app/oracle/staging_area/TLS_poc/openssl_files/rootCA.pem \
-out /app/oracle/staging_area/TLS_poc/openssl_files/togoria.swgalaxy.p12
# create an empty wallet
# -auto_login_local also writes an auto-login file (cwallet.sso) that opens without
# the password, but only on the host (and for the OS user) that created it.
# Anyone who can read the wallet directory on that host can use the key, so keep
# the directory permissions restrictive.
# NOTE(review): -pwd on the command line leaves the wallet password in shell
# history and visible in the process list; omit -pwd and orapki prompts for it.
orapki wallet create -wallet /app/oracle/staging_area/TLS_poc/wallet -pwd "Secret00!" -auto_login_local
# option 1: import the user certificate (with its key) and the trusted certificate
# in one step, directly from the .p12 file
# The PKCS#12 export password is not passed here (no -pkcs12pwd), so orapki is
# expected to ask for it -- confirm on the first run.
orapki wallet import_pkcs12 -wallet /app/oracle/staging_area/TLS_poc/wallet -pwd "Secret00!" \
-pkcs12file /app/oracle/staging_area/TLS_poc/openssl_files/togoria.swgalaxy.p12
# option 2: add the trusted certificate and the user certificate separately
# step 1: the root CA goes in as a trusted certificate
orapki wallet add -wallet /app/oracle/staging_area/TLS_poc/wallet -pwd "Secret00!" \
-trusted_cert -cert /app/oracle/staging_area/TLS_poc/openssl_files/rootCA.pem
# NOTE(review): the marker below does not say which command fails or with which
# error; record the orapki message next to it. Presumably it is the -user_cert add
# that follows: an empty wallet holds no private key or certificate request for
# the certificate to match -- confirm.
-> THIS fails
orapki wallet add -wallet /app/oracle/staging_area/TLS_poc/wallet -pwd "Secret00!" \
-user_cert -cert /app/oracle/staging_area/TLS_poc/openssl_files/togoria.swgalaxy.crt
# Alternative: import an encrypted private key together with its certificate.
# Paths and passwords on this line are placeholders, not the PoC values.
# -pvtkeypwd on the command line exposes the key passphrase the same way -pwd
# exposes the wallet password (shell history, process list).
orapki wallet import_private_key -wallet /oracle/wallet/location -pwd oracle_wallet_password -pvtkeyfile /tmp/encrypted.key -pvtkeypwd long_key_encryption_password -cert /etc/pki/tls/private/servername.crt
# How to Remove Trusted Certificate From Oracle Wallet (Doc ID 2257925.1)
# -trusted_cert_all removes every trusted certificate in the wallet, not one
# selected entry. Take a copy of the wallet directory first and re-check the
# result with "orapki wallet display" afterwards.
orapki wallet remove -trusted_cert_all -wallet /app/oracle/staging_area/TLS_poc/wallet -pwd "Secret00!"
# display wallet contents
# Run after each import/add/remove to confirm which user and trusted certificates
# the wallet actually holds.
orapki wallet display -wallet /app/oracle/staging_area/TLS_poc/wallet -pwd "Secret00!"
# Point Oracle Net at the PoC configuration directory (sqlnet.ora, listener.ora,
# tnsnames.ora are looked up under TNS_ADMIN).
# presumably the sqlnet.ora there sets WALLET_LOCATION to the wallet above -- not
# shown in these notes, verify.
export TNS_ADMIN=/app/oracle/staging_area/TLS_poc/tnsadmin
# client side
# Same wallet path as on the server; presumably run on the client host
# (wayland.swgalaxy, judging by the certificate name) against its own wallet -- confirm.
# NOTE(review): a -user_cert add needs the matching private key or certificate
# request already in the wallet. A client that only has to validate the server
# certificate needs the root CA as -trusted_cert and no user certificate.
orapki wallet add -wallet /app/oracle/staging_area/TLS_poc/wallet -pwd "Secret00!" \
-user_cert -cert /app/oracle/staging_area/TLS_poc/openssl_files/wayland.swgalaxy.fullchain.crt
# listener registration
-- Point the instance at two listener endpoints on togoria.swgalaxy:
-- TCPS on port 24000 and plain TCP on port 1521.
-- NOTE(review): the TCP/1521 address keeps a non-TLS path open next to the TCPS
-- one, so clients can still connect without TLS. Once clients have moved to
-- TCPS, drop the TCP address or restrict it at the network layer.
-- scope=both applies the change in memory and in the spfile; sid='*' applies it
-- to all instances.
alter system set local_listener="(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = togoria.swgalaxy)(PORT = 24000))
(ADDRESS = (PROTOCOL = TCP)(HOST = togoria.swgalaxy)(PORT = 1521))
)
)"
scope=both sid='*';
-- Ask the instance to register with the listener now rather than wait for the
-- next automatic registration.
alter system register;