How to Create Oracle Wallet to Secure External Password Store

Introduction:-

In this article, we will cover how to create an Oracle wallet to use as a secure external password store. A wallet is a repository in which you can securely store user certificates and the trust points needed to validate the certificates of peers.

Oracle secure external password store:-

The following steps provide an overview of the complete oracle wallet creation process:

 

Creating Oracle Wallet Secure External Password Store:-

First, create a directory for the wallet.

$mkdir -p /data03/UAT_8026/orahome/ewallet

Add the following entries to sqlnet.ora.

WALLET_LOCATION =
   (SOURCE =
     (METHOD = FILE)
     (METHOD_DATA =
       (DIRECTORY = /data03/UAT_8026/orahome/ewallet)
     ) )

SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0

 

Create an Oracle wallet using the following syntax at the command line:👇

$mkstore -wrl /data03/UAT_8026/orahome/ewallet -create

 

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

 

Enter password:******

Enter password again:  ******

[oratest@***test orahome]$ cd ewallet/
[oratest@***test ewallet]$ ls
cwallet.sso  ewallet.p12
[oratest@***test ewallet]$ ll
total 8
-rw------- 1 oratest dba 3589 Aug 29 10:08 cwallet.sso
-rw------- 1 oratest dba 3512 Aug 29 10:08 ewallet.p12

 


To add database login credentials to an existing client wallet, enter the following command at the command line:-

mkstore change wallet password:-

 

mkstore -wrl /data03/UAT_8026/orahome/ewallet -createCredential <db_connect_string> <username> <password>

$mkstore -wrl /data03/UAT_8026/orahome/ewallet -createCredential UAT apps apps

 

[oratest@***test ewallet]$ mkstore -wrl /***data03/UAT_8026/orahome/ewallet -createCredential UAT apps apps

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

Create credential oracle.security.client.connect_string1

 

$mkstore -wrl /data03/UAT_8026/orahome/ewallet -listCredential

 

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

List credential (index: connect_string username)

1: UAT apps

If you change the user's password, just update the password stored in the wallet:

$mkstore -wrl /data03/UAT_8026/orahome/ewallet  -modifyCredential UAT apps apps

 

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:   ******

Modify credential

Modify 1

 

How to find wallet path:-

SQL> SELECT * FROM V$ENCRYPTION_WALLET;

wrl_type  wrl_parameter                     status
file      /data03/UAT_8026/orahome/ewallet  OPEN_NO_MASTER_KEY

 

After wallet creation, connect to the database without specifying the username and password, as shown below.

$sqlplus /@UAT

SQL*Plus: Release 11.2.0.4.0 Production on Sat Aug 29 10:38:52 2020

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> show user

USER is "APPS"

 

Wallets can be copied to different machines, which can represent a security risk. In 11g Release 2, you can prevent the auto login functionality of the wallet from working if it is copied to another machine by creating a local wallet using the “orapki” command, instead of the “mkstore” command.

 

$ orapki wallet create -wallet "/data03/UAT_8026/orahome/ewallet" -pwd "Password" -auto_login_local
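The wallet files themselves are the thing to protect: cwallet.sso is the auto-login copy, so whoever can read it can use the stored credentials. The check below is an added example, not part of the original article; it verifies that the wallet directory and its files are owned by the current user and closed to group and others, like the owner-only listing shown earlier. The function name audit_wallet_dir is an assumption, and the demo directory is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): audit a wallet directory.
# cwallet.sso opens without the wallet password, so file permissions are
# what stands between a local user and the stored database passwords.

# audit_wallet_dir DIR   (hypothetical helper name)
# Prints one finding per line.
# Returns 0 if clean, 1 if anything is loose, 2 if DIR does not exist.
audit_wallet_dir() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    me=$(id -u)
    for path in "$dir" "$dir/cwallet.sso" "$dir/ewallet.p12"; do
        [ -e "$path" ] || continue
        listing=$(ls -ldn "$path")          # -n: numeric uid/gid
        mode=$(printf '%s\n' "$listing" | cut -c1-10)
        owner=$(printf '%s\n' "$listing" | awk '{print $3}')
        # Characters 5-10 of the mode string are the group and other bits.
        if [ "$(printf '%s\n' "$mode" | cut -c5-10)" != "------" ]; then
            echo "LOOSE $mode $path"
            findings=$((findings + 1))
        fi
        if [ "$owner" != "$me" ]; then
            echo "OWNER uid=$owner $path"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo: empty stand-in files, one left group-readable.
demo=$(mktemp -d)
touch "$demo/cwallet.sso" "$demo/ewallet.p12"
chmod 600 "$demo/ewallet.p12"
chmod 640 "$demo/cwallet.sso"
audit_wallet_dir "$demo" || echo "wallet directory needs tightening"
rm -rf "$demo"
```

Run it as the Oracle software owner against the directory named in WALLET_LOCATION, for example `audit_wallet_dir /data03/UAT_8026/orahome/ewallet`.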

 

To use the secure external password store from a Java application, you must use the OCI driver, which in turn means you must have an Oracle client installed. To make the connection, use a custom URL like this.

 

Connection conn = DriverManager.getConnection("jdbc:oracle:oci:/@UAT");

 

Password credentials of existing wallet entries can be modified or deleted using the following commands.

 

$mkstore -wrl <wallet_location> -modifyCredential <dbase_alias> <username> <password>

$mkstore -wrl <wallet_location> -deleteCredential <db_alias>

 

It is also very important to know how to manage wallets and certificates.

 

Starting Oracle Wallet Manager:-

👉 On Microsoft Windows, click Start, Programs, ORACLE_HOME, Network Administration, and then Wallet Manager.

 

👉 On UNIX, type owm at the command prompt.

$owm

Once you type owm, the Oracle Wallet Manager console opens, where you can import and export SSL certificates.

👉Open the existing wallet by selecting the wallet path.👇


👉Once the existing wallet is open, its details are shown as below.👇


 

👉Right-click on "Trusted Certificates" and click on "Import Trusted Certificates".

 

👉Choose the second option to select the certificate file.


 
 

👉Enter the path that contains the certificates.


 

👉Once you locate the .crt file, click OK to import it. Finally, save the wallet by clicking the Save button.


After completing the preceding steps, you have a wallet that contains a user certificate and its associated trust points.
