SSL installation in Oracle using Oracle Wallet Manager

This document provide installation instructions for Oracle Wallet Manager. If you are not able to perform the steps on the server, we recommend  to contact Oracle.

 Import the Root and Intermediate CA Certificates

         NOTE: You must add all trusted certificates in the certificate chain of a user certificate before adding a user certificate, or the command
         to add the user certificate will fail.

1. Open Oracle Wallet Manager
2. Select Operations > Import Trusted Certificate
3. Import the Root CA certificate
4. Select Paste the Certificate
5. Click OK
6. Paste the certificate into the text box
7. Click OK
8. A message at the bottom of the window confirms that the trusted certificate was successfully installed.
9. Save changes to the Wallet after importing the Trusted Root Certificate and before closing the Wallet. 
10. Repeat these steps to install the Intermediate CA certificate.
     

 Import the SSL Certificate

1. From the Operations menu, click Import User Certificate. The Import Certificate dialog box appears.
2. Click Paste the certificate, and then click OK.
3. Another Import Certificate dialog box appears with the following message:
   "Please provide a base64 format certificate and paste it below. Paste the certificate into the dialog box, and choose OK."
4. Click OK.
5. When this is completed a message at the bottom of the window confirms that the certificate was successfully installed.
6. The Oracle Wallet Manager main window reappears, and the status of the corresponding entry in the left panel subtree changes to Ready.
   
   NOTE: If the above method does not work then create a new wallet in wallet manager, generate a new CSR and repeat the steps above.

During the certificate installation you might receive following error: 
"User certificate import has failed because the CA certificate does not exist".

Problem

When trying to install an SSL certificate with Oracle wallet manager, you receive the following error:

Cause

The following issues can cause this error:

• The wallet is missing the correct root certificate
• The wallet is missing the correct intermediate certificate
• There is no matching certificate request found
• The SSL certificate was signed using the SHA2 (SHA-256) Signature Algorithm

Solution

Troubleshooting a missing Root or Intermediate CA: 

To resolve this issue, download and install respective  Root and Intermediate Certificate Authority (CA) Certificate from here

Troubleshooting a Certificate Mismatch:

If the correct Root and Intermediate CA have been imported and the error continues, more than likely the issue is due to a certificate request mis-match. 

In order to resolve this, the correct certificate request must be located to install the corresponding certificate. 

NOTE: If this is not possible, a new Wallet should be created along with a new Certificate Signing Request. 
The new CSR should then be submitted for a replacement certificate. 
 

Troubleshooting an SSL Certificate signed using the SHA2 (SHA-256) Signature Algorithm

Oracle Wallet Manager 10.x.x.x does not support SSL certificates signed with a SHA2 Signature Algorithm.  In order to support SHA2 certificates, you will need to upgrade to Oracle Wallet Manager 11.2.0.1.