Thursday 2 March 2017

example: utl_http and SSL/TLS on 12c #2

Simple wallet creation

In the previous example UTL_HTTP and TLS on 12c we created a wallet. Here is the short sequence for creating the wallet.

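#!/usr/bin/env bash
# sequence to generate wallet
#
# tested with a single (1) chain certificate;
# the process is the same where several chain certificates are involved: add all the chains
#
# Requires: openssl, orapki (with ORACLE_HOME set) and the OS CA bundle at
#           /etc/pki/tls/certs/ca-bundle.crt.
# Produces: an auto-login wallet under $ORACLE_HOME/wallet/<server CN> that holds the
#           chain certificate sent by the server and the matching root from the OS bundle.
set -euo pipefail

# print a diagnostic to stderr and stop
die() { printf 'wallet: %s\n' "$*" >&2; exit 1; }

# copy the n-th PEM certificate (1-based) of a file to stdout
extract_cert() {
  local file=$1 n=$2 begin end
  begin=$(grep -n 'BEGIN CERTIFICATE' -- "$file" | sed -n "${n}p" | cut -d: -f1 || true)
  end=$(grep -n 'END CERTIFICATE' -- "$file" | sed -n "${n}p" | cut -d: -f1 || true)
  [[ -n "$begin" && -n "$end" ]] || die "certificate #$n not found in $file"
  sed -n "${begin},${end}p" -- "$file"
}

# define the server we like to use (overridable from the environment)
myserverCN=${myserverCN:-www.oracle.com}
: "${ORACLE_HOME:?ORACLE_HOME must be set}"
myWalletLocation=$ORACLE_HOME/wallet/$myserverCN
# The default password is for the demo only; supply a real one through the environment.
# orapki receives it on the command line, so it is visible in 'ps' while orapki runs;
# omit -pwd below if you prefer to be prompted for it.
myWalletPassword=${myWalletPassword:-Welcome1}
caBundle=/etc/pki/tls/certs/ca-bundle.crt

# Scratch files go into a private directory rather than fixed names in the shared /tmp:
# what is written here ends up in the wallet as a *trusted* certificate, so no other
# local user must be able to pre-create or swap these files.
workDir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$workDir"' EXIT

# fetch server cer (-servername sends SNI; stderr carries the depth=N chain lines)
openssl s_client -connect "$myserverCN:443" -servername "$myserverCN" -showcerts \
  </dev/null >"$workDir/request" 2>&1 || die "could not connect to $myserverCN:443"

# extract chain cer: the last certificate the server presented
nCerts=$(grep -c 'BEGIN CERTIFICATE' -- "$workDir/request" || true)
(( nCerts > 0 )) || die "no certificate received from $myserverCN"
extract_cert "$workDir/request" "$nCerts" > "$workDir/chain.cer"

# resolve root cer: the first "depth=N ..." line names the top of the verified chain.
# Spaces around '=' are normalised because OpenSSL releases differ in whether they print
# "CN = x" or "CN=x" -- confirm the output format of the openssl build in use.
rootIssuer=$(grep -m 1 '^depth=' -- "$workDir/request" | sed 's/ = /=/g' \
  | awk -F'CN=' '{print "CN="$2}' || true)
[[ -n "$rootIssuer" && "$rootIssuer" != "CN=" ]] || die "could not determine root issuer from s_client output"

# our stored root certs: one Issuer line per certificate in the bundle, in bundle order
openssl crl2pkcs7 -nocrl -certfile "$caBundle" | openssl pkcs7 -print_certs -text -noout \
  | grep 'Issuer:' | sed 's/ = /=/g' > "$workDir/issuers.out"
# our root cer is the Xth certificate in the bundle (first match wins; fixed-string match,
# so the CN is not interpreted as a regex)
nthIssuerInBundle=$(grep -n -F -- "$rootIssuer" "$workDir/issuers.out" | head -n 1 | cut -d: -f1 || true)
[[ -n "$nthIssuerInBundle" ]] || die "root '$rootIssuer' not found in $caBundle"
extract_cert "$caBundle" "$nthIssuerInBundle" > "$workDir/root.cer"

# the chain certificate arrived over the network: require that the root selected from the
# local bundle actually signs it before it is installed as a trusted certificate
openssl verify -CAfile "$workDir/root.cer" "$workDir/chain.cer" >/dev/null \
  || die "fetched chain certificate does not verify against $rootIssuer"

# create the wallet
mkdir -p -- "$myWalletLocation"
orapki wallet create -wallet "$myWalletLocation" -auto_login -pwd "$myWalletPassword"
# add the chain
orapki wallet add -wallet "$myWalletLocation" -trusted_cert -cert "$workDir/chain.cer" -pwd "$myWalletPassword"
# add the root
orapki wallet add -wallet "$myWalletLocation" -trusted_cert -cert "$workDir/root.cer" -pwd "$myWalletPassword"
# display the resulting wallet contents (same password variable as above, not a literal)
orapki wallet display -wallet "$myWalletLocation" -pwd "$myWalletPassword"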



Thursday 2 March 2017

example: utl_http and SSL/TLS on 12c #2

Simple wallet creation

In the previous example UTL_HTTP and TLS on 12c we created a wallet. Here is the short sequence for creating the wallet.

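#!/usr/bin/env bash
# sequence to generate wallet
#
# tested with a single (1) chain certificate;
# the process is the same where several chain certificates are involved: add all the chains
#
# Requires: openssl, orapki (with ORACLE_HOME set) and the OS CA bundle at
#           /etc/pki/tls/certs/ca-bundle.crt.
# Produces: an auto-login wallet under $ORACLE_HOME/wallet/<server CN> that holds the
#           chain certificate sent by the server and the matching root from the OS bundle.
set -euo pipefail

# print a diagnostic to stderr and stop
die() { printf 'wallet: %s\n' "$*" >&2; exit 1; }

# copy the n-th PEM certificate (1-based) of a file to stdout
extract_cert() {
  local file=$1 n=$2 begin end
  begin=$(grep -n 'BEGIN CERTIFICATE' -- "$file" | sed -n "${n}p" | cut -d: -f1 || true)
  end=$(grep -n 'END CERTIFICATE' -- "$file" | sed -n "${n}p" | cut -d: -f1 || true)
  [[ -n "$begin" && -n "$end" ]] || die "certificate #$n not found in $file"
  sed -n "${begin},${end}p" -- "$file"
}

# define the server we like to use (overridable from the environment)
myserverCN=${myserverCN:-www.oracle.com}
: "${ORACLE_HOME:?ORACLE_HOME must be set}"
myWalletLocation=$ORACLE_HOME/wallet/$myserverCN
# The default password is for the demo only; supply a real one through the environment.
# orapki receives it on the command line, so it is visible in 'ps' while orapki runs;
# omit -pwd below if you prefer to be prompted for it.
myWalletPassword=${myWalletPassword:-Welcome1}
caBundle=/etc/pki/tls/certs/ca-bundle.crt

# Scratch files go into a private directory rather than fixed names in the shared /tmp:
# what is written here ends up in the wallet as a *trusted* certificate, so no other
# local user must be able to pre-create or swap these files.
workDir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$workDir"' EXIT

# fetch server cer (-servername sends SNI; stderr carries the depth=N chain lines)
openssl s_client -connect "$myserverCN:443" -servername "$myserverCN" -showcerts \
  </dev/null >"$workDir/request" 2>&1 || die "could not connect to $myserverCN:443"

# extract chain cer: the last certificate the server presented
nCerts=$(grep -c 'BEGIN CERTIFICATE' -- "$workDir/request" || true)
(( nCerts > 0 )) || die "no certificate received from $myserverCN"
extract_cert "$workDir/request" "$nCerts" > "$workDir/chain.cer"

# resolve root cer: the first "depth=N ..." line names the top of the verified chain.
# Spaces around '=' are normalised because OpenSSL releases differ in whether they print
# "CN = x" or "CN=x" -- confirm the output format of the openssl build in use.
rootIssuer=$(grep -m 1 '^depth=' -- "$workDir/request" | sed 's/ = /=/g' \
  | awk -F'CN=' '{print "CN="$2}' || true)
[[ -n "$rootIssuer" && "$rootIssuer" != "CN=" ]] || die "could not determine root issuer from s_client output"

# our stored root certs: one Issuer line per certificate in the bundle, in bundle order
openssl crl2pkcs7 -nocrl -certfile "$caBundle" | openssl pkcs7 -print_certs -text -noout \
  | grep 'Issuer:' | sed 's/ = /=/g' > "$workDir/issuers.out"
# our root cer is the Xth certificate in the bundle (first match wins; fixed-string match,
# so the CN is not interpreted as a regex)
nthIssuerInBundle=$(grep -n -F -- "$rootIssuer" "$workDir/issuers.out" | head -n 1 | cut -d: -f1 || true)
[[ -n "$nthIssuerInBundle" ]] || die "root '$rootIssuer' not found in $caBundle"
extract_cert "$caBundle" "$nthIssuerInBundle" > "$workDir/root.cer"

# the chain certificate arrived over the network: require that the root selected from the
# local bundle actually signs it before it is installed as a trusted certificate
openssl verify -CAfile "$workDir/root.cer" "$workDir/chain.cer" >/dev/null \
  || die "fetched chain certificate does not verify against $rootIssuer"

# create the wallet
mkdir -p -- "$myWalletLocation"
orapki wallet create -wallet "$myWalletLocation" -auto_login -pwd "$myWalletPassword"
# add the chain
orapki wallet add -wallet "$myWalletLocation" -trusted_cert -cert "$workDir/chain.cer" -pwd "$myWalletPassword"
# add the root
orapki wallet add -wallet "$myWalletLocation" -trusted_cert -cert "$workDir/root.cer" -pwd "$myWalletPassword"
# display the resulting wallet contents (same password variable as above, not a literal)
orapki wallet display -wallet "$myWalletLocation" -pwd "$myWalletPassword"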

