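#!/usr/bin/env bash
# Oracle wallet / TCPS proof-of-concept command notes.
#
# The sections below are a cookbook of alternatives, not one end-to-end
# script: run the section you need.
#
# Security notes:
#   * The wallet password is not hard-coded here. It is taken from the
#     WALLET_PWD environment variable, or prompted for without echo, so it
#     stays out of this file and out of shell history.
#   * A value passed with -pwd is still visible in the process list while
#     orapki runs. orapki is documented to prompt when -pwd is omitted
#     (confirm on your release); prefer that on shared hosts.
#   * The .key and .p12 files hold the private key. Keep the staging
#     directory readable by the owning account only, and remove the .p12
#     once it has been imported.

POC_DIR=/app/oracle/staging_area/TLS_poc
SSL_DIR="$POC_DIR/openssl_files"
WALLET_DIR="$POC_DIR/wallet"

if [[ -z "${WALLET_PWD:-}" ]]; then
  read -rs -p 'Wallet password: ' WALLET_PWD
  printf '\n'
fi

# How to Create a New Wallet from an Existing Private Key and Certificates
# using OpenSSL and orapki (Doc ID 2769138.1)
# No -passout is given, so openssl prompts for the export password.
openssl pkcs12 -export \
  -in "$SSL_DIR/togoria.swgalaxy.crt" \
  -inkey "$SSL_DIR/togoria.swgalaxy.key" \
  -certfile "$SSL_DIR/rootCA.pem" \
  -out "$SSL_DIR/togoria.swgalaxy.p12"

# create an empty wallet
# -auto_login_local also produces an auto-login wallet that opens without a
# password on the host where it was created, so file permissions on
# $WALLET_DIR are what protects the private key at rest.
orapki wallet create -wallet "$WALLET_DIR" -pwd "$WALLET_PWD" -auto_login_local

# we can import directly both user / trusted certificate from .p12 file
orapki wallet import_pkcs12 -wallet "$WALLET_DIR" -pwd "$WALLET_PWD" \
  -pkcs12file "$SSL_DIR/togoria.swgalaxy.p12"

# or we can add separately trusted certificate and user certificate
orapki wallet add -wallet "$WALLET_DIR" -pwd "$WALLET_PWD" \
  -trusted_cert -cert "$SSL_DIR/rootCA.pem"
# ^ original note at this point: "THIS fails". No cause is recorded on the
#   page; capture the orapki error text before relying on this path.

orapki wallet add -wallet "$WALLET_DIR" -pwd "$WALLET_PWD" \
  -user_cert -cert "$SSL_DIR/togoria.swgalaxy.crt"

# Import a private key and its certificate directly.
# Placeholder values (not the PoC paths above): substitute real ones.
# -pvtkeypwd is exposed on the command line the same way -pwd is, and a key
# file under /tmp sits in a shared directory; keep it somewhere only the
# owning account can read.
orapki wallet import_private_key -wallet /oracle/wallet/location \
  -pwd oracle_wallet_password \
  -pvtkeyfile /tmp/encrypted.key \
  -pvtkeypwd long_key_encryption_password \
  -cert /etc/pki/tls/private/servername.crt

# How to Remove Trusted Certificate From Oracle Wallet (Doc ID 2257925.1)
# -trusted_cert_all removes every trusted certificate in the wallet.
orapki wallet remove -trusted_cert_all -wallet "$WALLET_DIR" -pwd "$WALLET_PWD"

# display wallet contents
orapki wallet display -wallet "$WALLET_DIR" -pwd "$WALLET_PWD"

export TNS_ADMIN="$POC_DIR/tnsadmin"

# client side
orapki wallet add -wallet "$WALLET_DIR" -pwd "$WALLET_PWD" \
  -user_cert -cert "$SSL_DIR/wayland.swgalaxy.fullchain.crt"

# listener registration
# The two statements below are SQL, not shell: run them in a database
# session that is allowed to ALTER SYSTEM.
# The plain TCP address on port 1521 stays registered next to TCPS on 24000,
# so unencrypted connections remain possible until that address is removed.
#
#   alter system set local_listener="(DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = togoria.swgalaxy)(PORT = 24000)) (ADDRESS = (PROTOCOL = TCP)(HOST = togoria.swgalaxy)(PORT = 1521)) ) )" scope=both sid='*';
#   alter system register;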