Tuesday, April 30, 2024

Extract Private Key from oracle wallet

To extract the private key from an Oracle wallet we need orapki, keytool and openssl.

<<<<<<<<<< Display the contents of the wallet using orapki >>>>>>>>>

/<fmw_home>/oracle_common/bin/orapki wallet display -wallet /<domain_home>/config/fmwconfig/components/OHS/instances/ohs1/keystores/wallet/cwallet.sso


<<<<<<<<<<<< copy the wallet to a new location, say /tmp/robin/wallet >>>>>>>>>>>

<<<<<<<<<<<< convert from pkcs12 to jks and provide the password when prompted >>>>>>>>>>>

/<fmw_home>/oracle_common/bin/orapki wallet pkcs12_to_jks -wallet /tmp/robin/wallet -jksKeyStoreLoc /tmp/robin/ewallet.jks 


Password entered at the prompt: welcome1

 

<<<<<<<<<<<< import keystore (JKS to PKCS12) >>>>>>>>>>>>

keytool -importkeystore -srckeystore /tmp/robin/ewallet.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore /tmp/robin/result/ewallet.p12


<<<<<<<<<<<< the private key will be in r.txt, unencrypted because of -nodes >>>>>>>>>>>>

openssl pkcs12 -in /tmp/robin/result/ewallet.p12 -passin pass:welcome1 -out /tmp/robin/result/r.txt -nodes


Friday, April 19, 2024

OHS not starting due to cert issue

ERROR MSG:

<date> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier.>
This Exception occurred at <date>.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
Error: Error occurred while performing nmConnect : Cannot connect to Node Manager. : sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
Use dumpStack() to view the full stacktrace :

FACTS:

1. Node Manager is running in SSL mode

2. OHS is configured to run in SSL mode

3. OHS uses a wallet with the default self-signed cert

Solution:

<<<<<<<< display the contents of the wallet >>>>>>>>

oracle_home/oracle_common/bin/orapki wallet display -wallet domain_home/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/keystores/default/cwallet.sso

<<<<<<<<< export cert to a file >>>>>>>>>>
oracle_home/oracle_common/bin/orapki wallet export -wallet . -dn "CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY" -cert domain_home/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/keystores/cert.txt

<<<<< read the cert from the file to check its expiry >>>>>>>>>

cd domain_home/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/keystores
oracle_home/oracle_common/bin/orapki cert display -cert cert.txt -complete

<<<<<<<< take a backup of .sso and create a new wallet >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
oracle_home/oracle_common/bin/orapki wallet create -wallet domain_home/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/keystores/default/wallet -auto_login_only

<<<<<<<<<<<<<<<<<<<<< add new cert to the wallet (self signed cert) >>>>>>>>>>>>>>
oracle_home/oracle_common/bin/orapki wallet add -wallet domain_home/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/keystores/default -dn "CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY" -keysize 2048 -self_signed -validity 3650 -auto_login_only


Start OHS.
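
The expiry check from the "read the cert" step can also be scripted against the exported cert.txt, so an expiring wallet certificate is caught before Node Manager reports "validity check failed". This is an added example, not part of the original post; it assumes cert.txt is PEM (Base64) encoded and that openssl and GNU date are installed, and the function names are hypothetical.

```sh
# Added example: classify a PEM certificate by its remaining validity.
# Assumptions: openssl and GNU date (date -d) are available.

# Print seconds until notAfter (negative once the cert has expired).
# $1 = PEM cert file, $2 = optional "now" in epoch seconds (for testing).
cert_seconds_left() (
    cert=$1
    now=${2:-$(date +%s)}
    # Output looks like: notAfter=Apr 30 12:00:00 2034 GMT
    end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null) || exit 3
    end_epoch=$(date -u -d "${end#notAfter=}" +%s) || exit 3
    echo $(( end_epoch - now ))
)

# $1 = PEM cert file, $2 = warning window in days (default 30),
# $3 = optional "now" in epoch seconds.
# Exit status: 0 valid, 1 expires inside the window, 2 expired, 3 unreadable.
cert_status() (
    cert=$1
    warn_days=${2:-30}
    now=${3:-$(date +%s)}
    left=$(cert_seconds_left "$cert" "$now") || exit 3
    if [ "$left" -le 0 ]; then
        echo "EXPIRED $(( (0 - left) / 86400 )) day(s) ago: $cert"
        exit 2
    elif [ "$left" -lt $(( warn_days * 86400 )) ]; then
        echo "EXPIRING in $(( left / 86400 )) day(s): $cert"
        exit 1
    fi
    echo "OK, $(( left / 86400 )) day(s) left: $cert"
)

# Constructed sample input: throwaway self-signed cert valid for $2 days,
# written to $1 (key in $1.key). Only used to try the functions out.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/O=FOR TESTING ONLY/OU=FOR TESTING ONLY/CN=localhost" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}
```

Source the file and run `cert_status cert.txt 30` on the certificate exported with orapki; the exit status makes it usable from cron or a monitoring check.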