How to Create Oracle Wallet to Secure External Password Store

Introduction:-

In this article, we will cover how to create an Oracle wallet to use as a secure external password store. A wallet is a repository in which you can securely store user certificates and the trust points needed to validate the certificates of peers.

Oracle secure external password store:-

The following steps provide an overview of the complete Oracle wallet creation process:

 

Creating Oracle Wallet Secure External Password Store:-

First, create the wallet directory.

$mkdir -p /data03/UAT_8026/orahome/ewallet

Add the following entries to sqlnet.ora.

WALLET_LOCATION =
   (SOURCE =
     (METHOD = FILE)
     (METHOD_DATA =
       (DIRECTORY = /data03/UAT_8026/orahome/ewallet)
     )
   )

SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0

 

Create an Oracle wallet using the following syntax at the command line:👇

$mkstore -wrl /data03/UAT_8026/orahome/ewallet -create

 

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

 

Enter password:******

Enter password again:  ******

[oratest@***test orahome]$ cd ewallet/

[oratest@***test ewallet]$ ls

cwallet.sso  ewallet.p12

[oratest@***test ewallet]$ ll

total 8

-rw------- 1 oratest dba 3589 Aug 29 10:08 cwallet.sso

-rw------- 1 oratest dba 3512 Aug 29 10:08 ewallet.p12

 


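To add database login credentials to an existing client wallet, enter the following command at the command line. A password typed as the last argument ends up in the shell history and is visible in the process list while the command runs; if you leave it off, mkstore prompts for it instead.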

mkstore change wallet password:-

 

mkstore -wrl /data03/UAT_8026/orahome/ewallet -createCredential <db_connect_string> <username> <password>

$mkstore -wrl /data03/UAT_8026/orahome/ewallet -createCredential UAT apps apps

 

[oratest@***test ewallet]$ mkstore -wrl /***data03/UAT_8026/orahome/ewallet -createCredential UAT apps apps

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

Create credential oracle.security.client.connect_string1

 

$mkstore -wrl /data03/UAT_8026/orahome/ewallet -listCredential

 

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

List credential (index: connect_string username)

1: UAT apps

If the user's password changes, update the credential stored in the wallet:

$mkstore -wrl /data03/UAT_8026/orahome/ewallet  -modifyCredential UAT apps apps

 

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:   ******

Modify credential

Modify 1

 

How to find wallet path:-

SQL> SELECT * FROM V$ENCRYPTION_WALLET;

wrl_type   wrl_parameter                      status
file       /data03/UAT_8026/orahome/ewallet   OPEN_NO_MASTER_KEY

 

After wallet creation, connect to the database without specifying the username and password, as shown below.

$sqlplus /@UAT

SQL*Plus: Release 11.2.0.4.0 Production on Sat Aug 29 10:38:52 2020

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> show user

USER is "APPS"

 

Wallets can be copied to different machines, which can represent a security risk. In 11g Release 2, you can prevent the auto login functionality of the wallet from working if it is copied to another machine by creating a local wallet using the “orapki” command, instead of the “mkstore” command.

 

$ orapki wallet create -wallet "/data03/UAT_8026/orahome/ewallet" -pwd "Password" -auto_login_local
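The copy risk described above comes down to who can read the wallet files, so a quick audit of the directory named in sqlnet.ora is a useful follow-up. This is an added example, not part of the original article: audit_wallet is a hypothetical helper, and the demo runs against a constructed throwaway directory rather than a real wallet.

```shell
# Added example: audit the wallet referenced by a sqlnet.ora file.
# Prints one finding per line; returns 1 if anything failed, else 0.
audit_wallet() {
    sqlnet=$1; findings=0
    # Wallet directory as written in WALLET_LOCATION (upper-case keyword, no spaces in path assumed).
    dir=$(sed -n 's/.*DIRECTORY *= *\([^) ]*\).*/\1/p' "$sqlnet" | head -n 1)
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL wallet directory missing: ${dir:-<not set>}"
        return 1
    fi
    # SQLNET.WALLET_OVERRIDE = TRUE makes "/@alias" connections use the wallet credentials.
    if ! grep -Eiq '^[[:space:]]*SQLNET\.WALLET_OVERRIDE[[:space:]]*=[[:space:]]*TRUE' "$sqlnet"; then
        echo "FAIL SQLNET.WALLET_OVERRIDE is not TRUE"
        findings=1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits;
    # the directory and both wallet files must show "------" there.
    for f in "$dir" "$dir/ewallet.p12" "$dir/cwallet.sso"; do
        [ -e "$f" ] || continue
        mode=$(ls -ld "$f" | cut -c1-10)
        case $mode in
            ????------) ;;
            *) echo "FAIL $mode $f is accessible to group or other"; findings=1 ;;
        esac
    done
    # cwallet.sso is the auto-login copy: it opens without the wallet password.
    if [ -f "$dir/cwallet.sso" ]; then
        echo "INFO auto-login wallet present: $dir/cwallet.sso"
    fi
    return "$findings"
}

# Constructed demo: a throwaway wallet directory with one over-permissive file.
demo=$(mktemp -d)
mkdir "$demo/ewallet" && chmod 700 "$demo/ewallet"
: > "$demo/ewallet/ewallet.p12"; chmod 600 "$demo/ewallet/ewallet.p12"
: > "$demo/ewallet/cwallet.sso"; chmod 644 "$demo/ewallet/cwallet.sso"
printf 'WALLET_LOCATION =\n  (SOURCE = (METHOD = FILE)\n    (METHOD_DATA = (DIRECTORY = %s)))\nSQLNET.WALLET_OVERRIDE = TRUE\n' \
    "$demo/ewallet" > "$demo/sqlnet.ora"
audit_wallet "$demo/sqlnet.ora" || echo "wallet audit reported findings"
rm -rf "$demo"
```

To check a real client, pass the sqlnet.ora that the client actually reads, for example the one under $TNS_ADMIN.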

 

To use the secure external password store from a Java application, you must use the OCI driver, which in turn means you must have an Oracle client installed. To make the connection, use a custom URL like this.

 

Connection conn = DriverManager.getConnection("jdbc:oracle:oci:/@UAT");

 

Password credentials of existing wallet entries can be modified or deleted using the following commands.

 

$mkstore -wrl <wallet_location> -modifyCredential <dbase_alias> <username> <password>

$mkstore -wrl <wallet_location> -deleteCredential <db_alias>

 

It is also important to know how to manage wallets and certificates.

 

Starting Oracle Wallet Manager:-

👉 On Microsoft Windows, click Start, Programs, ORACLE_HOME, Network Administration, and then Wallet Manager.

 

👉 On UNIX, type owm at the command prompt.

$owm

Once you type owm, the Oracle Wallet Manager console opens, where you can import and export SSL certificates.

👉Open the existing wallet by selecting the wallet path.👇


👉Once the existing wallet is open, its details are shown as below.👇


 

👉Right-click on “Trusted Certificates” and click on “Import Trusted Certificates”.

 

👉Choose the second option to select the certificate file.


 
 

👉Enter the path that contains the certificates.


 

👉Once you locate the .crt file, click OK to import it. Finally, save the wallet by clicking the Save button.



After completing the preceding steps, you have a wallet that contains a user certificate and its associated trust points.
