Skip Headers

Oracle Advanced Security Administrator's Guide
Release 2 (9.2)

Part Number A96573-01
Go To Documentation Library
Home
Go To Product List
Book List
Go To Table Of Contents
Contents
Go To Index
Index

Master Index

Feedback

Go to previous page Go to next page

17
Using Oracle Wallet Manager

Security administrators use Oracle Wallet Manager to manage public key security credentials on Oracle clients and servers. The wallets it creates are opened by using either Oracle Enterprise Login Assistant or Oracle Wallet Manager.

This chapter describes Oracle Wallet Manager, and contains the following topics:

See Also:

Chapter 18, Using Oracle Enterprise Login Assistant, for information about how to open and close wallets for secure SSL communications using Oracle Enterprise Login Assistant

Overview

Traditional private-key or symmetric-key cryptography requires a single, secret key that is shared by two or more parties to a secure communication. This key is used to both encrypt and decrypt secure messages sent between the parties, requiring prior, secure distribution of the key to each party. The problem with this method is that it is difficult to securely transmit and store the key.

Public-key cryptography provides a solution to this problem, by employing public/private key pairs and a secure method for key distribution. The freely available public key is used to encrypt messages that can only be decrypted by the holder of the associated private key. The private key is securely stored, together with other security credentials, in an encrypted container--called a wallet.

Public-key algorithms can guarantee the secrecy of a message, but they don't necessarily guarantee secure communications because they don't verify the identities of the communicating parties. In order to establish secure communications, it is important to verify that the public key used to encrypt a message does in fact belong to the target recipient. Otherwise, a third party can potentially eavesdrop on the communication and intercept public key requests, substituting its own public key for a legitimate key (the man-in-the-middle attack).

In order to avoid such an attack, it is necessary to verify the owner of the public key, a process called authentication. Authentication can be accomplished through a certificate authority (CA)--a third party that is trusted by both of the communicating parties.

The CA issues public key certificates that contain an entity's name, public key, and certain other security credentials. Such credentials typically include the CA name, the CA signature, and the certificate effective dates (From Date, To Date).

The CA uses its private key to encrypt a message, while the public key is used to decrypt it, thus verifying that the message was encrypted by the CA. The CA public key is well known, and does not have to be authenticated each time it is accessed. Such CA public keys are stored in an Oracle wallet.

Wallet Password Management

Oracle Wallet Manager includes an enhanced wallet password management module that enforces Password Management Policy guidelines, including the following:

Strong Wallet Encryption

Oracle Wallet Manager stores private keys associated with X.509 certificates, requiring strong encryption. Accordingly, Release 2 (9.2) replaces DES encryption with 3-key Triple-DES--a substantially stronger encryption algorithm.

Microsoft Windows Registry

Oracle Wallet Manager lets you optionally store multiple Oracle wallets in the user profile area of the Microsoft Windows System Registry (for Windows 95/98/ME/NT 4.0/2000), or in a Windows file management system. Storing your wallets in the registry provides the following benefits:

Options Supported:

Oracle Wallet Functions

Oracle Wallet Manager is a standalone Java application that wallet owners use to manage and edit the security credentials in their Oracle wallets. These tasks include the following:

Backward Compatibility

Oracle Wallet Manager is backward-compatible to Release 8.1.5.

PKCS #12 Support

Oracle Wallet Manager stores X.509 certificates and private keys in industry-standard, PKCS #12 format. This makes the Oracle wallet structure interoperable with supported third party PKI applications, and provides wallet portability across operating systems.


Note:

Although Oracle Advanced Security and Oracle Wallet Manager fully comply with PKCS #12, there may be some compatibility issues using third-party products--such as Netscape Communicator and Microsoft Internet Explorer.


Importing Third-Party Wallets

Oracle Wallet Manager can import and support the following PKCS #12-format wallets, subject to product-specific procedures and limitations:

To import a third-party wallet:

  1. Follow the product-specific procedure to export the wallet.
  2. Save the exported wallet to an operating system-specific file name in a directory expected by Oracle Advanced Security.

    For UNIX and Windows NT, the file name is ewallet.p12.

    For other operating systems, see the Oracle operating system-specific documentation.

    See Also: Importing a Trusted Certificate.


    Notes:
    • You must copy the third-party PKCS #12 wallet file name to a directory expected by Oracle Wallet Manager and change the name; the UNIX/NT wallet file name is ewallet.p12.
    • Since browsers typically do not export trusted certificates under PKCS #12 (other than the signer's own certificate), you may need to add trust points to authenticate the other party in the SSL connection. You can use Oracle Wallet Manager to do this.

Exporting Oracle Wallets

Oracle Wallet Manager can export its own wallets to third party environments. To export a wallet:

  1. Use Oracle Wallet Manager to save the wallet file.
  2. Follow the third-party product-specific import procedure to import an operating system-specific PKCS #12 wallet file created by Oracle Wallet Manager (called ewallet.p12 on UNIX and NT platforms).


    Note:
    • Oracle Wallet Manager supports multiple certificates for each wallet. However, current browsers typically support import of single-certificate wallets only. Accordingly, for these browsers, you must export an Oracle Wallet containing a single key-pair.
    • Wallet export is only supported to (i) Netscape Communicator Domestic Version, and to (ii) OpenSSL.

Multiple Certificate Support

Oracle wallet tools (Oracle Wallet Manager, Enterprise Login Assistant) support multiple certificates for each wallet, supporting the following Oracle PKI certificate usages:

Oracle Wallet Manager supports multiple certificates for a single digital entity, where each certificate can be used for a set of Oracle PKI certificate usages--but the same certificate cannot be used for all such usages (See: Tables 17-2 and 17-3 for legal usage combinations). There must be a one-to-one mapping between certificate requests and certificates. The same certificate request can be used to obtain multiple certificates. More than one certificate cannot be installed in the same wallet at the same time.

Oracle Wallet Manager uses X.509 V3 extension KeyUsage to define Oracle PKI certificate usages (Table 17-1):

Table 17-1 KeyUsage Values
Value Usage

0

digitalSignature

1

nonRepudiation

2

keyEncipherment

3

dataEncipherment

4

keyAgreement

5

keyCertSign

6

cRLSign

7

encipherOnly

8

decipherOnly

When installing a certificate (user certificate, trusted certificate), Oracle Wallet Manager uses Tables 17-2 and 17-3 to map the KeyUsage extension values to Oracle PKI certificate usages:

Table 17-2 OWM Import of User Certificate to an Oracle Wallet
KeyUsage Value Critical?Foot 1 Usage

none

na

Certificate is importable for SSL or S/MIME encryption use.

0 alone, or any combination including 0 but excluding 5 and 2

na

Accept certificate for S/MIME signature or code-signing use.

1 alone

Yes

Not importable.

No

Accept certificate for S/MIME signature or code-signing use.

2 alone, or 2 + any combination excluding 5

na

Accept certificate for SSL or S/MIME encryption use.

5 alone, or any combination including 5

na

Accept certificate for CA certificate signing use.

Any settings not listed previously

Yes

Not importable.

No

Certificate is importable for SSL or S/MIME encryption use.

1 If the KeyUsage extension is critical, the certificate cannot be used for other purposes.
Table 17-3 OWM Import of Trusted Certificates to an Oracle Wallet
KeyUsage
Value
Critical?Foot 1 Usage

none

na

Importable.

Any combination excluding 5

Yes

Not importable.

No

Importable.

5 alone, or any combination including 5

na

Importable.

1 If the KeyUsage extension is critical, the certificate cannot be used for other purposes.

You should obtain certificates from the certificate authority with the correct KeyUsage value for the required Oracle PKI certificate usage. A single wallet can contain multiple key pairs for the same usage. Each certificate can support multiple Oracle PKI certificate usages, as indicated by Tables 17-2 and 17-3. Oracle PKI applications use the first certificate containing the required PKI certificate usage.

For example: For SSL usage, the first certificate containing the SSL Oracle PKI certificate usage is used.


Note:

SSL Oracle PKI Certificate Usage is the only usage supported by Oracle PKI applications.


LDAP Directory Support

Oracle Wallet Manager can upload wallets to--and retrieve them from--an LDAP-compliant directory.

Storing wallets in a centralized LDAP-compliant directory lets users access them from multiple locations or devices, ensuring consistent and reliable user authentication--while providing centralized wallet management throughout the wallet life cycle. To prevent accidental over-write of functional wallets, only wallets containing an installed certificate can be uploaded.

See Also:

Oracle Wallet Manager requires that enterprise users are already defined and configured in the LDAP directory, to be able to upload or download wallets. If a directory contains Oracle8i (or prior) users, they are automatically upgraded to use the wallet upload/download feature--upon first use.

See Also:

Task 11: Configure Enterprise Users.

Oracle Wallet Manager downloads a user wallet using a simple password based connection to the LDAP directory. However, for uploads it uses an SSL connection if the open wallet contains a certificate with SSL Oracle PKI certificate usage.

See Also:

Multiple Certificate Support, for more information about Oracle PKI certificate user.

If an SSL certificate is not present in the wallet, password-based authentication is used.


Note:

The directory password and the wallet password are independent, and can be different. Oracle Corporation recommends that these passwords are maintained to be consistently different, where neither one can logically be derived from the other.


Managing Wallets

This section describes how to create a new wallet and perform associated wallet management tasks, such as generating certificate requests, exporting certificate requests, and importing certificates into wallets, in the following subsections:

Starting Oracle Wallet Manager

To start Oracle Wallet Manager:

Creating a New Wallet

Create a new wallet as follows:

  1. Choose Wallet > New from the menu bar; the New Wallet dialog box appears.
  2. Follow the required guidelines for creating a password and enter a password in the Wallet Password field.

    Because an Oracle wallet contains user credentials that can be used to authenticate the user to multiple databases, it is especially important to choose a strong wallet password. A malicious user who guesses the wallet password can access all the databases to which the wallet owner has access.

    Passwords must contain at least eight characters that consist of alphabetic characters combined with numbers or special characters.


    Caution:

    It is strongly recommended that users avoid choosing easily guessed passwords based on user names, phone numbers, or government identification numbers, such as "admin0," "oracle1," or "2135551212A." This prevents a potential attacker from using personal information to deduce the users' passwords. It is also a prudent security practice for users to change their passwords periodically, such as once in each month or once in each quarter.


    See Also:

    Wallet Password Management.

  3. Re-enter that password in the Confirm Password field.
  4. Choose OK to continue.
  5. If the entered password does not conform to the required guidelines, then the following message appears:

    Password must have a minimum length of eight characters, and contain alphabetic characters combined with numbers or special characters. Do you want to try again?

  6. An Alert is displayed, and informs you that a new empty wallet has been created. It prompts you to decide whether you want to create a certificate request. See: Adding a Certificate Request.

    If you choose Cancel, you are returned to the Oracle Wallet Manager main window. The new wallet you just created appears in the left window pane. The certificate has a status of Empty, and the wallet displays its default trusted certificates.

  7. Select Wallet > Save In System Default to save the new wallet.

    If you do not have permission to save the wallet in the system default, you can save it to another location.

    A message at the bottom of the window informs you that the wallet was successfully saved.

Opening an Existing Wallet

Open a wallet that already exists in the file system directory as follows:

  1. Choose Wallet > Open from the menu bar; the Select Directory dialog box appears.
  2. Navigate to the directory location in which the wallet is located, and select the directory.
  3. Choose OK; the Open Wallet dialog box appears.
  4. Enter the wallet password in the Wallet Password field.
  5. Choose OK.
  6. The message Wallet opened successfully appears at the bottom of the window, and you are returned to the Oracle Wallet Manager main window. The wallet's certificate and its trusted certificates are displayed in the left window pane.

Closing a Wallet

To close an open wallet in the currently selected directory:

Uploading a Wallet to an LDAP Directory

To upload a wallet to an LDAP directory, Oracle Wallet Manager uses SSL if a SSL certificate is contained in the target wallet. Otherwise, it lets you enter the directory password. Note that both Oracle Wallet Manager and Enterprise Login Assistant can upload and download wallets interchangeably.

To prevent accidental destruction of your wallet, Oracle Wallet Manager will not permit you to execute the Upload option, unless the target wallet is currently open and contains at least one user certificate.

To upload a wallet:

  1. Choose Wallet>Upload into the Directory Service. If the currently open wallet has not been saved, a dialog box appears with the following message:

    Wallet needs to be saved before uploading.

    Choose Yes to proceed.

  2. Wallet certificates are checked for key usage SSL. If at least one certificate has SSL key usage, a dialog box prompts for the server and the port. Enter the server and port information associated with the LDAP directory and choose OK. Oracle Wallet Manager attempts connection to the LDAP directory server using SSL.
  3. If upload fails, the following message appears:

    Upload wallet failed

    Otherwise, the following message appears:

    Wallet uploaded successfully.

  4. If the target wallet does not contain any certificates with key usage SSL, a dialog box prompts for the user distinguished name (DN) and the LDAP server and port information. Enter this information and choose OK. Oracle Wallet Manager attempts connection to the LDAP directory server using Simple Password Authentication mode, assuming that the wallet password is the same as the directory password.
  5. If the prior step fails, a dialog box prompts for the directory password. Oracle Wallet Manager attempts connection to the LDAP directory server using this password and displays a warning message if the attempt fails. Otherwise, Oracle Wallet Manager displays a successful status message at the bottom of the window.

Downloading a Wallet from an LDAP Directory

When a wallet is downloaded from an LDAP directory, it is resident in working memory. It is not saved to the file system unless you expressly save it using any of the Save options described in the following sections.

See Also:

To download a wallet from an LDAP directory:

  1. Choose Wallet>Download from the Directory Service.
  2. A dialog box prompts for the user distinguished name, and the directory password, server and port information associated with the source LDAP directory. Oracle Wallet Manager uses simple password authentication to connect to the LDAP directory.
  3. If the download operation fails, the following warning message is displayed:

    Download wallet failed

  4. If the download is successful and there is an existing open wallet, the following message is displayed:

    An opened wallet already exists in memory. Do you wish to overwrite it with the downloaded wallet?

    Choose OK to open the downloaded wallet.

  5. Oracle Wallet Manager attempts to open that wallet using the directory password.
  6. If the operation fails (using the directory password), a dialog box prompts for the wallet password.
  7. If Oracle Wallet Manager cannot open the target wallet using the wallet password, the following message is displayed:

    Open downloaded wallet failed

    Otherwise the status:

    Wallet downloaded successfully

    is displayed at the bottom of the window.

Saving Changes

To save your changes to the current open wallet:

Saving the Open Wallet to a New Location

Use the Save As option to save the current open wallet to a new directory location:

  1. Choose Wallet > Save As; the select directory dialog box appears.
  2. Select a directory location to save the wallet.
  3. Choose OK.

    The following message appears if a wallet already exists in the selected directory:

    A wallet already exists in the selected path. Do you want to overwrite it?.

    Choose Yes to overwrite the existing wallet, or No to save the wallet to another directory.

    A message at the bottom of the window confirms that the wallet was successfully saved to the selected directory location.

Saving in System Default

Use the Save in System Default menu option to save the current open wallet to the system default directory location.


Note:

Certain Oracle applications are not able to use the wallet if it is not in the system default location.




Deleting the Wallet

To delete the current open wallet:

  1. Choose Wallet > Delete; the Delete Wallet dialog box appears.
  2. Review the displayed wallet location to verify you are deleting the correct wallet.
  3. Enter the wallet password.
  4. Choose OK; a dialog panel appears to inform you that the wallet was successfully deleted.


    Note:

    Any open wallet in application memory will remain in memory until the application exits. Therefore, deleting a wallet that is currently in use does not immediately affect system operation.


Changing the Password

A password change is effective immediately. The wallet is saved to the currently selected directory, with the new encrypted password.To change the password for the current open wallet:

  1. Choose Wallet > Change Password; the Change Wallet Password dialog box appears.
  2. Enter the existing wallet password.
  3. Enter the new password.

    See Also:

    Wallet Password Management, for password policy restrictions.

  4. Re-enter the new password.
  5. Choose OK.

A message at the bottom of the window confirms that the password was successfully changed.

Using Auto Login

The Oracle Wallet Manager Auto Login feature creates an obfuscated copy of the wallet and enables PKI-based access to services without a password until the Auto Login feature is disabled for the wallet. When Auto Login is enabled for a wallet, it is only available to the operating system user who created that wallet.

You must enable Auto Login if you want single sign-on access to multiple Oracle databases (disabled by default).

Enabling Auto Login

To enable Auto Login:

  1. Choose Wallet from the menu bar.
  2. Choose the check box next to the Autologin menu item; a message at the bottom of the window displays autologin enabled.

Disabling Auto Login

To disable Auto Login:

  1. Choose Wallet from the menu bar.
  2. Choose the check box next to the Auto Login menu item; a message at the bottom of the window displays autologin disabled.

Managing Certificates

Oracle Wallet Manager uses two kinds of certificates: user certificates and trusted certificates. This section describes how to manage both certificate types, in the following subsections:

Managing User Certificates

Managing user certificates involves the following tasks:

Adding a Certificate Request

You can use this task to add multiple certificate requests. Note that when creating multiple requests, Oracle Wallet Manager automatically populates each subsequent request dialog box with the content of the initial request--which you can then edit.

The actual certificate request becomes part of the wallet. You can reuse any certificate request to obtain a new certificate. However, you cannot edit an existing certificate request; store only a correctly filled out certificate request in a wallet.

To create a PKCS #10 certificate request:

  1. Choose Operations > Add Certificate Request; the Add Certificate Request dialog box appears.
  2. Enter the following information (Table 17-4):

    Table 17-4 Certificate Request: Fields and Descriptions
    Field Name Description

    Common Name

    Mandatory. Enter the name of the user's or service's identity. Enter a user's name in first name /last name format.

    Organizational Unit

    Optional. Enter the name of the identity's organizational unit. Example: Finance.

    Organization

    Optional.Enter the name of the identity's organization. Example: XYZ Corp.

    Locality/City

    Optional. Enter the name of the locality or city in which the identity resides.

    State/Province

    Optional. Enter the full name of the state or province in which the identity resides.

    Enter the full state name, because some certificate authorities do not accept two-letter abbreviations.

    Country

    Mandatory. Choose the drop-down list to view a list of country abbreviations. Select the country in which the organization is located.

    Key Size

    Mandatory. Choose the drop-down box to view a list of key sizes to use when creating the public/private key pair. See Table 17-5 to evaluate key size.

    Advanced

    Optional. Choose Advanced to view the Advanced Certificate Request dialog panel. Use this field to edit or customize the identity's distinguished name (DN). For example, you can edit the full state name and locality.

    Table 17-5 Available Key Sizes
    Key Size Relative Security Level

    512

    Not regarded as secure.

    768

    Provides some security.

    1024

    Secure.

  3. Choose OK. An Oracle Wallet Manager dialog box informs you that a certificate request was successfully created. You can either copy the certificate request text from the body of this dialog panel and paste it into an e-mail message to send to a certificate authority, or you can export the certificate request to a file.

    See Also:

    Exporting a User Certificate Request

  4. Choose OK. You are returned to the Oracle Wallet Manager main window; the status of the certificate is changed to Requested.

Importing the User Certificate into the Wallet

You will receive an e-mail notification from the certificate authority informing you that your certificate request has been fulfilled. Import the certificate into a wallet in either of two ways: copy and paste the certificate from the e-mail you receive from the certificate authority, or import the user certificate from a file.

Pasting the Certificate

To paste the certificate:

  1. Copy the certificate text from the e-mail message or file you receive from the certificate authority. Include the lines Begin Certificate and End Certificate.
  2. Choose Operations > Import User Certificate from the menu bar; the Import Certificate dialog box appears.
  3. Choose the Paste the Certificate button, and choose OK; an Import Certificate dialog box appears with the following message:

    Please provide a base64 format certificate and paste it below.

  4. Paste the certificate into the dialog box, and choose OK. A message at the bottom of the window confirms that the certificate was successfully installed. You are returned to the Oracle Wallet Manager main panel, and the status of the corresponding entry in the left panel subtree changes to Ready.


    Keyboard shortcuts for copying and pasting certificates:
    • (UNIX) Use Control+Insert to copy, and use Shift+Insert to paste.
    • (Windows) Use Ctrl+c to copy, and use Ctrl+v to paste.

Selecting a File that Contains the Certificate

To select the file:

  1. Choose Operations > Import User Certificate from the menu bar.
  2. Choose the Select a file... certificate button, and choose OK; the Import Certificate dialog box appears.
  3. Enter the path or folder name of the certificate location.
  4. Select the name of the certificate file (for example, cert.txt).
  5. Choose OK. A message at the bottom of the window appears, to inform you that the certificate was successfully installed. You are returned to the Oracle Wallet Manager main panel, and the status of the corresponding entry in the left panel subtree changes to Ready.

Removing a User Certificate from a Wallet

  1. In the left panel subtree, select the certificate that you want to delete.
  2. Choose Operations > Remove User Certificate; a dialog panel appears and prompts you to verify that you want to remove the user certificate from the wallet.
  3. Choose Yes; you are returned to the Oracle Wallet Manager main panel, and the certificate displays a status of Requested.

Removing a Certificate Request

To remove a certificate request:

  1. In the left panel subtree, select the certificate request that you want to delete.
  2. Choose Operations Menu.
  3. Select menu item Remove Certificate Request.


    Note:

    You must remove a certificate before removing its associated request.


Exporting a User Certificate

Save the certificate in a file system directory when you elect to export a certificate:

  1. In the left panel subtree, select the certificate that you want to export.
  2. Choose Operations > Export User Certificate from the menu bar; the Export Certificate dialog box appears.
  3. Enter the file system directory to save your certificate in, or navigate to the directory structure under Folders.
  4. Enter a file name to save your certificate, in the Enter File Name field.
  5. Choose OK. A message at the bottom of the window confirms that the certificate was successfully exported to the file. You are returned to the Oracle Wallet Manager main window.

Exporting a User Certificate Request

Save the certificate request in a file system directory when you elect to export a certificate request:

  1. In the left panel subtree, select the certificate request that you want to export.
  2. Choose Operations > Export Certificate Request from the menu bar; the Export Certificate Request dialog box appears.
  3. Enter the file system directory in which you want to save your certificate request, or navigate to the directory structure under Folders.
  4. Enter a file name to save your certificate request, in the Enter File Name field.
  5. Choose OK. A message at the bottom of the window confirms that the certificate request was successfully exported to the file. You are returned to the Oracle Wallet Manager main window.

Managing Trusted Certificates

Managing trusted certificates includes the following tasks:

Importing a Trusted Certificate

You can import a trusted certificate into a wallet in either of two ways: paste the trusted certificate from an e-mail that you receive from the certificate authority, or import the trusted certificate from a file.

Oracle Wallet Manager automatically installs trusted certificates from VeriSign, RSA, Entrust, and GTE CyberTrust when you create a new wallet.

Pasting the Trusted Certificate

To paste the trusted certificate:

  1. Choose Operations > Import Trusted Certificate from the menu bar; the Import Trusted Certificate dialog panel appears.
  2. Choose the Paste the Certificate button, and choose OK. An Import Trusted Certificate dialog panel appears with the following message:

    Please provide a base64 format certificate and paste it below.

  3. Copy the trusted certificate from the body of the e-mail message you received that contained the user certificate. Include the lines Begin Certificate and End Certificate.
  4. Paste the certificate into the window, and Choose OK. A message at the bottom of the window informs you that the trusted certificate was successfully installed.
  5. Choose OK; you are returned to the Oracle Wallet Manager main panel, and the trusted certificate appears at the bottom of the Trusted Certificates tree.


    Keyboard shortcuts for copying and pasting certificates:
    • (UNIX) Use Control+Insert to copy, and use Shift+Insert to paste.
    • (Windows) Use Ctrl+c to copy, and use Ctrl+v to paste.

Selecting a File that Contains the Trusted Certificate

To select the file:

  1. Choose Operations > Import Trusted Certificate from the menu bar. The Import Trusted Certificate dialog panel appears.
  2. Enter the path or folder name of the trusted certificate location.
  3. Select the name of the trusted certificate file (for example, cert.txt).
  4. Choose OK. A message at the bottom of the window informs you that the trusted certificate was successfully imported into the wallet.
  5. Choose OK to exit the dialog panel; you are returned to the Oracle Wallet Manager main panel, and the trusted certificate appears at the bottom of the Trusted Certificates tree.

Removing a Trusted Certificate

To remove a trusted certificate from a wallet:

  1. Select the trusted certificate listed in the Trusted Certificates tree.
  2. Choose Operations > Remove Trusted Certificate from the menu bar.

    A dialog panel warns you that your user certificate will no longer be verifiable by its recipients if you remove the trusted certificate that was used to sign it.

  3. Choose Yes; the selected trusted certificate is removed from the Trusted Certificates tree.


    Note:

    A certificate that is signed by a trusted certificate is no longer verifiable when you remove it from your wallet.

    Also, you cannot remove a trusted certificate if it has been used to sign a user certificate that is still present in the wallet. To remove such a trusted certificate, you must first remove the certificates that it has signed.


Exporting a Trusted Certificate

To export a trusted certificate to another file system location:

  1. In the left panel subtree, select the trusted certificate that you want to export.
  2. Select Operations > Export Trusted Certificate; the Export Trusted Certificate dialog box appears.
  3. Enter a file system directory in which you want to save your trusted certificate, or navigate to the directory structure under Folders.
  4. Enter a file name to save your trusted certificate.
  5. Choose OK; you are returned to the Oracle Wallet Manager main window.

Exporting All Trusted Certificates

To export all of your trusted certificates to another file system location:

  1. Choose Operations > Export All Trusted Certificates. The Export Trusted Certificate dialog box appears.
  2. Enter a file system directory in which you want to save your trusted certificate, or navigate to the directory structure under Folders.
  3. Enter a file name to save your trusted certificates.
  4. Choose OK; you are returned to the Oracle Wallet Manager main window.

Exporting a Wallet

You can export a wallet to text-based PKI formats. Individual components are formatted according to the following standards (Table 17-6). Within the wallet, only those certificates with key usage SSL are exported with the wallet.

Table 17-6 PKI Wallet Encoding Standards
Component Encoding Standard

Certificate chains

X509v3

Trusted certificates

X509v3

Private keys

PKCS #8


Go to previous page Go to next page
Oracle
Copyright © 1996, 2002 Oracle Corporation.

All Rights Reserved.
Go To Documentation Library
Home
Go To Product List
Book List
Go To Table Of Contents
Contents
Go To Index
Index

Master Index

Feedback