20.3 Create SSL Wallet with Certificates

To access HTTP URIs and Object Stores safely from within your database, you must create a wallet with the appropriate certificates.

You must manually install the appropriate certificates in a wallet to access the DBMS_CLOUD family of packages. The certificates are not part of the Oracle Database distribution. You can download the necessary certificates from the following site:

https://objectstorage.us-phoenix-1.oraclecloud.com/p/KB63IAuDCGhz_azOVQ07Qa_mxL3bGrFh1dtsltreRJPbmb-VwsH2aQ4Pur2ADBMA/n/adwcdemo/b/CERTS/o/dbc_certs.tar

The security wallet must have the following properties.

  • The wallet must be created with auto-login capabilities.
  • On Oracle Real Application Clusters (Oracle RAC) installations, the wallet must either be accessible for all nodes centrally, or you must create the wallet on all nodes for local wallet storage.

Oracle recommends that you store the SSL wallet in an equivalent location. In the following SSL wallet creation example, we assume that the SSL wallet is in the location /u01/app/oracle/dcs/commonstore/wallets/ssl, and you have unpacked the certificates in the path /home/oracle/dbc:

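cd /u01/app/oracle/dcs/commonstore/wallets/ssl
orapki wallet create -wallet . -pwd your_chosen_wallet_pw -auto_login

#!/bin/bash
# Add every unpacked certificate to the wallet as a trusted certificate.
# Replace your_chosen_wallet_pw with the password used at wallet creation.
for i in /home/oracle/dbc/*cer
do
    orapki wallet add -wallet . -trusted_cert -cert "$i" -pwd your_chosen_wallet_pw
done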

Note:

If you already have a wallet for SSL certificates, then you do not have to create a new wallet. Instead, you can add the required certificates to the existing wallet.

Oracle recommends that you check the certificate location. For example:


cd /u01/app/oracle/dcs/commonstore/wallets/ssl
orapki wallet display -wallet .

The following is an excerpt of what you should see in the certificate wallet. Note that this is not the complete list of all certificates:


[oracle@mydb ssl]$ orapki wallet display -wallet .
 
Oracle PKI Tool Release 21.0.0.0.0 - Production
Version 21.0.0.0.0
Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved.
 
Requested Certificates:
User Certificates:
Trusted Certificates:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
Subject: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
Subject: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
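
An auto-login wallet opens without a password, so file permissions are what protect it. The following script is an added example, not part of the Oracle documentation: it checks that the wallet files exist and are readable only by their owner, and that expected root subjects appear under Trusted Certificates in saved `orapki wallet display` output. It assumes the standard wallet file names ewallet.p12 and cwallet.sso and that only the database software owner needs to read them; the function names and the sample output are constructed for illustration.

```shell
#!/bin/bash
# Return 0 only if DIR holds ewallet.p12 and cwallet.sso and neither file
# grants any permission to group or other.
check_wallet_files() {
    local dir="$1" f perms rc=0
    for f in ewallet.p12 cwallet.sso; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $dir/$f"; rc=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$dir/$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "EXPOSED $dir/$f (group/other: $perms)"; rc=1
        fi
    done
    return $rc
}

# Read `orapki wallet display` output on stdin; print the subjects listed
# under "Trusted Certificates:", one per line.
trusted_subjects() {
    awk '/^Trusted Certificates:/     { t = 1; next }
         /^[A-Za-z ]+:[ \t]*$/        { t = 0 }
         t && /^Subject:/ { sub(/^Subject:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print }'
}

# Print each expected subject (arguments 2..n) missing from the display
# output saved in file $1; return 1 if any is missing.
missing_subjects() {
    local display="$1" want rc=0
    shift
    for want in "$@"; do
        trusted_subjects < "$display" | grep -qxF -- "$want" || { echo "$want"; rc=1; }
    done
    return $rc
}

# Constructed sample of display output (not captured from a real wallet).
SAMPLE_DISPLAY=$(cat <<'EOF'
Requested Certificates:
User Certificates:
Subject: CN=constructed.example.com
Trusted Certificates:
Subject: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
Subject: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
EOF
)
printf '%s\n' "$SAMPLE_DISPLAY" | trusted_subjects
```

On a real system, save the output of `orapki wallet display -wallet .` to a file and pass it to missing_subjects together with the subjects you expect.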