ORAPKI commands, Oracle wallets, OHS certificate import/export/update
Oracle wallets are used to store SSL certificates for products such as OID, OVD and OHS. Think of a wallet as a combination of keystore and truststore: it stores both identity certificates (termed 'User certificates') and trust certificates.
ORAPKI is the utility provided by Oracle to manage public key infrastructure (PKI) elements, such as wallets, on the command line.
It is available under the MIDDLEWARE_HOME/oracle_common/bin path.
**The other way will be to use the EM console for OID or OVD, or to use the Oracle Wallet Manager tool (OWM); I'll have to check it after this** SSL for OID and SSL for OVD.
The syntax for orapki is : orapki module command -parameter value
module will be the object you're working with : wallet (Oracle wallet), crl (certificate revocation list), or cert (PKI digital certificate).
Display a wallet :
./orapki wallet display -wallet /app/Oracle/Middleware/wallet-wam.xxx.com-2017
This will give you output such as :
User Certificates:
Subject: CN=XXX.XXX.com,OU=TRC,O=XXX.,L=,ST=LA,C=IT
Trusted Certificates:
Subject: OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: CN=XXX-SUBCA,DC=xxxnet,DC=xxx,DC=intranet
Display a certificate :
orapki cert display -cert certificate_location -summary | -complete
(-summary gives brief info, -complete gives the full details of the certificate)
Export a cert from a wallet :
orapki wallet export -wallet wallet_location -dn certificate_dn -cert certificate_filename
./orapki wallet export -wallet /apps/Oracle/Middleware/wallet-abc.xxx.com -dn "CN=XXX-SUBCA,DC=xxxnet,DC=xxx,DC=intranet" -cert /apps/Oracle/Middleware/NEW_CERTNAME.cer
ERRORS :
PKI-04006 : No matching private key in the wallet.
Cause: Attempted to install a user certificate, but no matching private key was found in the wallet.
Action: Make sure that the user certificate is being installed to the wallet where the certificate request was created.
We cannot export a user certificate and add it to another wallet, since the certificate request was not generated from the second wallet.
PKI-02008 : Unable to modify a read-only Auto-login wallet.
Cause: Attempted to update a read-only Auto-login wallet.
Action: Specify the associated Password-protected wallet.
For this error, you'll have to use the -pwd option with the password in the add command itself; if you don't, you'll be prompted to enter the password but it will not work.
If you don't already have a wallet, or just want to create a new one :
STEP 1 :
Create a wallet :
./orapki wallet create -wallet /apps/Oracle/Middleware/wallet-abc.xxx.com/ -pwd xxx123 -auto_login
This command creates a wallet with auto-login enabled, or it can also be used to enable auto-login on an existing wallet. If the wallet_location already contains a wallet, then auto-login will be enabled for it. To disable the auto-login feature, delete cwallet.sso.
STEP 2 :
Add a certificate request to an Oracle wallet :
orapki wallet add -wallet wallet_location -dn user_dn -keySize 512|1024|2048
./orapki wallet add -wallet /apps/Oracle/Middleware/wallet-wam.xxx.com-2017/ -dn "CN=abc.xxx.com,OU=ICT,O=xxx S.p.A.,L=San Donato Milanese,ST=Milano,C=IT" -pwd ***123 -keysize 2048 -validity 1024
STEP 3 :
Export the certificate request and share it with your CA to generate a certificate :
orapki wallet export -wallet wallet_location -dn certificate_request_dn -request certificate_request_filename
./orapki wallet export -wallet /apps/Oracle/Middleware/wallet-wam.xxx.com-2017/ -dn "CN=wam.xxx.com,OU=ICT,O=xxx S.p.A.,L=San Donato Milanese,ST=Milano,C=IT" -request /apps/Oracle/Middleware/wallet-wam.xxx.com-2017/wam.xxx.com.csr
To add a user certificate :
orapki wallet add -wallet wallet_location -user_cert -cert certificate_location
./orapki wallet add -wallet /apps/Oracle/Middleware/wallet-wam.xxx.com-2017/ -user_cert -cert /apps/Oracle/Middleware/wallet-wam.xxx.com-2017/wam.cer -pwd xxx123
To add a trusted certificate to an Oracle wallet : (we must add all the trust certificates before adding a user certificate)
orapki wallet add -wallet wallet_location -trusted_cert -cert certificate_location
./orapki wallet add -wallet /apps/Oracle/Middleware/wallet-wam.xxx.com-2017/ -trusted_cert -cert /apps/Oracle/Middleware/wallet-wam.xxx.com-2017/xxx_SUBCA.cer -pwd xxx123
To add a root certificate to an Oracle wallet :
orapki wallet add -wallet wallet_location -dn certificate_dn -keySize 512|1024|2048 -self_signed -validity number_of_days
Since I was working with OHS, the way to find the wallet is :
Go to /Middleware_HOME/Oracle_WT1/instances/instance1/config/OHS/password_host1
open the ssl.conf
look for the SSLWallet entry to find the wallet.
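As an added example (not from the original post), a small POSIX sh script that automates the OHS lookup above: it pulls the wallet path out of the SSLWallet directive in ssl.conf and sanity-checks the wallet directory before you run orapki against it. It assumes the usual wallet layout (ewallet.p12 for the password-protected wallet, cwallet.sso for the auto-login wallet); the paths and ssl.conf content used in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a wallet directory holds
# ewallet.p12 (password-protected) and/or cwallet.sso (auto-login, no password).

# Print the value of the first SSLWallet directive in an ssl.conf.
# Surrounding quotes are stripped; variables such as ${ORACLE_INSTANCE} are
# returned unexpanded, so expand them yourself if your ssl.conf uses them.
find_ohs_wallet() {
    sed -n 's/^[[:space:]]*SSLWallet[[:space:]]\{1,\}"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Return 0 if the wallet directory can be modified with orapki, 1 otherwise.
# A directory with only cwallet.sso is the read-only auto-login wallet that
# makes "orapki wallet add" fail with PKI-02008.
check_wallet_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 1; }
    if [ ! -f "$dir/ewallet.p12" ]; then
        echo "no ewallet.p12 in $dir: auto-login wallet only, cannot be modified"
        return 1
    fi
    return 0
}

# Return 0 if cwallet.sso is readable by its owner only. The auto-login wallet
# opens without a password, so group/other read access exposes the private key.
check_sso_perms() {
    sso="$1/cwallet.sso"
    [ -f "$sso" ] || return 0
    case $(ls -l "$sso" | cut -c5-10) in
        ------) return 0 ;;
        *) echo "cwallet.sso is readable by group or others: $sso"; return 1 ;;
    esac
}

# Usage: sh check_ohs_wallet.sh /path/to/ssl.conf
if [ -n "${1:-}" ]; then
    wallet=$(find_ohs_wallet "$1")
    [ -n "$wallet" ] || { echo "no SSLWallet directive found in $1"; exit 1; }
    check_wallet_dir "$wallet" && check_sso_perms "$wallet" \
        && orapki wallet display -wallet "$wallet"
fi
```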
As always, thanks for reading !
http://bitoshok-das.blogspot.com/2019/07/orapki-commands-oracle-wallets-ohs_24.html
http://h2hdba.blogspot.com/2016/11/managing-oracle-wallets-and.html