Why... Why... Why?
This blog is dedicated to documenting error resolution and other tidbits that I discover while working as a Consultant in the Oracle EPM (Hyperion) field. As much of my job revolves around issue resolution, I see an opportunity to supplement the typical troubleshooting avenues such as the Oracle Knowledgebase and Oracle Forums with more pinpointed information about specific errors as they are encountered. Beware, the information found in this blog is for informational purposes only and comes without any warranty or guarantee of accuracy.

EPMVirt: Create your own Oracle Hyperion Virtual Environment:

Saturday, August 22, 2015

SSL Tip: Converting a JKS file into an Oracle Wallet


When implementing SSL with Oracle technologies such as OHS an Oracle Wallet is required. The Oracle Wallet is Oracle's proprietary keystore for holding identity and trust SSL keys. Often though, a company will provide the Java Keystore (jks) format. Here is a trick to convert the JKS into an Oracle Wallet via the command line using the orapki command from an Oracle Client installation.

# create a new wallet. If C:\wallet_temp already exists, remove it first.
orapki wallet create -wallet c:\wallet_temp -auto_login_local
orapki wallet create -wallet c:\wallet_temp\ewallet.p12 -auto_login

# Remove all the default trusts from new wallet for a truly empty wallet
orapki wallet remove -wallet c:\wallet_temp\ewallet.p12 -trusted_cert_all

# using an existing jks file, import all contents into the new wallet
orapki wallet jks_to_pkcs12 -wallet c:\wallet_temp\ewallet.p12 -keystore c:\wallet_temp\my_java_keystore.jks -jkspwd "my_java_keystore_password"

At this point the new wallet is stored in C:\wallet_temp and ready to use.

By at
Labels:

5 comments:

  1. Asim RasoolOctober 5, 2015 at 11:48 PM

    I am getting following exception while exporting .jsk keystore to oracle wallet. Please help. Thanks

    Exception : java.io.IOException: No self-signed cert in chain

    ReplyDelete
    Replies
    1. Nicholas KingOctober 7, 2015 at 8:30 PM

      The conversion only works if the jks has a private key and all trusted certificates in it. It won't work if you are just trying to create a wallet trust store.

      Delete
  2. Sourabh VermaApril 21, 2017 at 2:34 PM

    Thanks , it helped a lot

    ReplyDelete
  3. UnknownMay 23, 2018 at 12:54 AM

    After applied SSL for servers in foundation and FDMEE, foundation is working but coming to FDMEE ODI connection is getting failed. We are using 11.1.2.4 version and 12 c database.

    ReplyDelete
  4. Srini ReddyJune 28, 2018 at 11:04 PM

    Oracle PKI Tool : Version 12.2.1.0.0
    Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.

    Exception : java.io.IOException: Invalid keystore format

    I got above error when i tried to convert JKS to a wallet using orapki utility

    ReplyDelete

Subscribe to: Post Comments (Atom)