
Hi IFS Community!

We are running IFS 9 UPD17.  We are configured with an external load balancer in front of 2 web servers, one on each of 2 Windows 2012 R2 servers.  SSL is configured on the external load balancer.  We want to copy the Oracle wallet with the certificate for the external load balancer's server to the database server.  IFS's installer does not automatically create the cwallet.sso Oracle wallet file for the external server.  IFS's documentation states the following:

"When Oracle needs to connect to an external proxy (using its own certificate) a wallet must be created and the certificate imported manually. Refer to the Oracle documentation (orapki) for the version in use. The wallet should contain the root and possibly the intermediate certificate."

Does anyone have any experience doing this?  Can anyone provide us with instructions on how to do this?  I have a pfx file (PKCS12) for the external server.

Thanks for any help you can give.

Dave
 

Hi,

I used Oracle Wallet Manager in the past to do this. See Oracle’s documentation below -

https://docs.oracle.com/cd/A97329_03/manage.902/a95192/owm.htm

To start OWM - (Windows) Select Start, Programs, Oracle-HOME_NAME, Integrated Management Tools, Wallet Manager.


Thanks for the response, Srikanth.  I guess I’m looking for more specifics than what is provided by the Oracle documentation.  I have tried to use the Oracle Wallet Manager to do this, but without success.

Can anyone tell me how the IFS installer takes the pfx file supplied to it on the SSL Configuration page of the installer wizard, i.e., the file specified in the PKCS12 Store field, and produces the cwallet.sso file in C:\<instance>\ohs\config\fmwconfig\components\OHS\instances\<instance>\keystores\ifs ?  If I can find that out, then I should be able to take my pfx file for the external load balancer's server and create the Oracle Wallet file cwallet.sso.
 


Here are the commands I saved from the one time I had to do this.

Also, please bear in mind I did not create the wallet for the reasons you need this for.

orapki wallet create -wallet C:\app\Admin\product\12.2.0\dbhome_1\admin\wallet -pwd <your_password>! -auto_login

orapki wallet add -wallet C:\app\Admin\product\12.2.0\dbhome_1\admin\wallet -trusted_cert -cert "C:\Temp\ecb.cer"

UTL_HTTP.SET_WALLET('file:C:\app\DariuszKasprzycki\product\11.2.0\client_1\wallet');

orapki wallet add -wallet <wallet_location> -trusted_cert -cert <certificate_location>

SET SERVEROUTPUT ON
EXEC UTL_HTTP.set_wallet('file:C:\app\Admin\product\12.2.0\dbhome_1\admin\wallet', NULL);
EXEC show_html_from_url('https://gb.redhat.com/');

UTL_HTTP.SET_WALLET('file:C:\app\Admin\product\12.2.0\dbhome_1\admin\wallet');

orapki wallet add -wallet C:\app\Admin\product\12.2.0\dbhome_1\admin\wallet -trusted_cert -cert "C:\app\Admin\product\12.2.0\dbhome_1\admin\wallet\xxxxxxxxx.cer"


-------------------------------
orapki wallet create -wallet C:\oracle\admin\APPS10\wallet -pwd Rawlins$9 -auto_login

orapki wallet add -wallet C:\oracle\admin\APPS10\wallet -trusted_cert -cert "C:\oracle\admin\APPS10\wallet\redhat.cer"

EXEC UTL_HTTP.set_wallet('file:C:\oracle\admin\APPS10\wallet', '<your_password>');
EXEC show_html_from_url('https://gb.redhat.com/');

------------------------------
Working for Apps 10 RACE
1. Used OWM to create a new Wallet and import Trusted Certificate
1B. Install the certificate on the local machine using Certificate Manager
Run a test location: 
2. orapki wallet display -wallet C:\oracle\admin\APPS10\race_wallet
3. Test the URL
select utl_http.request ('https://kc1ifsapp10upd1.dsiglobal.com:48080/',NULL,'file:C:\oracle\admin\APPS10\race_wallet','<your_password>') from dual;

Good luck!


Thank you again Srikanth.  I have tried and I have used some of the commands you supplied but I have been unsuccessful.  I am hoping to get some specific step-by-step instructions for properly creating the Oracle wallet and importing the certificate for our load balancer.  Hopefully someone on the community has done this exact same thing described above in my original question.
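
Added example, not part of any post in this thread and not IFS or Oracle code: one way to follow the IFS documentation quoted in the question, by pulling only the root and intermediate certificates out of the load balancer's PFX and adding them to a new auto-login wallet with the orapki commands shown above. The file paths and parameter names are assumptions, orapki is assumed to be on PATH, and the PFX is assumed to include its CA chain.

```powershell
# Added example (not from the thread). Default paths are assumptions; adjust to your servers.
param(
    [string]$PfxPath   = 'C:\Temp\loadbalancer.pfx',   # assumed PFX location
    [string]$WalletDir = 'C:\oracle\admin\lb_wallet',  # assumed wallet directory on the DB server
    [string]$CertDir   = 'C:\Temp\lb_chain'            # assumed scratch directory for exported certs
)
$ErrorActionPreference = 'Stop'

function ConvertTo-PlainText([System.Security.SecureString]$Secure) {
    (New-Object System.Net.NetworkCredential('', $Secure)).Password
}
$pfxPwd    = ConvertTo-PlainText (Read-Host 'PFX password' -AsSecureString)
# orapki receives the wallet password as a command-line argument (-pwd), as in the thread.
$walletPwd = ConvertTo-PlainText (Read-Host 'New wallet password' -AsSecureString)

# Load every certificate in the PFX into memory.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs.Import($PfxPath, $pfxPwd, $flags)

# The server (leaf) certificate is the one carrying the private key. The database only
# needs the CA certificates that signed it, so the private key is never put in the wallet.
$caCerts = @($certs | Where-Object { -not $_.HasPrivateKey })
if ($caCerts.Count -eq 0) {
    throw "No CA certificates found in $PfxPath. Obtain the root/intermediate from the issuing CA."
}

New-Item -ItemType Directory -Force -Path $CertDir, $WalletDir | Out-Null
& orapki wallet create -wallet $WalletDir -pwd $walletPwd -auto_login
if ($LASTEXITCODE -ne 0) { throw 'orapki wallet create failed' }

foreach ($ca in $caCerts) {
    # A certificate whose subject equals its issuer is treated as the root.
    $kind = if ($ca.Subject -eq $ca.Issuer) { 'root' } else { 'intermediate' }
    $file = Join-Path $CertDir ("{0}_{1}.cer" -f $kind, $ca.Thumbprint)
    # Write the certificate as Base64 (PEM) with 64-character lines.
    $b64  = [Convert]::ToBase64String($ca.RawData) -split '(.{64})' | Where-Object { $_ }
    $pem  = @('-----BEGIN CERTIFICATE-----') + $b64 + '-----END CERTIFICATE-----'
    Set-Content -Path $file -Encoding Ascii -Value $pem
    Write-Host "Adding $kind certificate: $($ca.Subject)"
    & orapki wallet add -wallet $WalletDir -trusted_cert -cert $file -pwd $walletPwd
    if ($LASTEXITCODE -ne 0) { throw "orapki wallet add failed for $file" }
}

# List the wallet contents to confirm the trusted certificates are present.
& orapki wallet display -wallet $WalletDir
```

The resulting directory holds the cwallet.sso file and can be referenced from the database with the `file:` wallet path used in the UTL_HTTP calls earlier in the thread.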