oracle-wallet
wallet 用於儲存證書/密碼的容器,管理工具包括:orapki和OWM。
測試如下:
1,獲取幫助
[oracle@bnet95 ~]$ mkdir orapki
[oracle@bnet95 ~]$ cd orapki
[oracle@bnet95 orapki]$ orapki
orapki [crl|wallet|cert|help]
[oracle@bnet95 orapki]$ orapki wallet help
wallet:
create [-wallet [wallet]] [-auto_login] [-pwd
display [-wallet [wallet]] [-pwd
add [-wallet [wallet]]
[-trusted_cert|-user_cert]> [-pwd
export [-wallet [wallet]] [-pwd
export_trust_chain [-wallet
p11_add [-wallet
p11_verify [-wallet
help
[oracle@bnet95 orapki]$ orapki cert help
cert:
display [-cert [url|filename]]
create [-wallet [wallet]] [-request [url|filename]] [-cert [filename]]
[-validity [days]] [-pwd
help
[oracle@bnet95 orapki]$ orapki crl help
crl:
display [-crl [url|filename]] [-pwd
hash [-crl [url|filename]]
[-pwd
upload [-crl [url|filename]] [-ldap [host:port]] [-user [user]]
[-pwd
list [-ldap [host:port]]
delete [-issuer [ [issuer]] [-ldap [host:port]] [-user [user]]
help
2,建立wallet
[oracle@bnet95 orapki]$ orapki wallet create -wallet ./wallets
Enter password: [123456]
Enter password again:
[oracle@bnet95 orapki]$ ls -lrt
total 4
drwx------ 2 oracle oinstall 4096 Oct 11 09:19 wallets
[oracle@bnet95 orapki]$ ls -lrt wallets
total 8
-rw------- 1 oracle oinstall 7912 Oct 11 09:19 ewallet.p12
[oracle@bnet95 orapki]$ orapki wallet display -wallet ./wallets
Enter wallet password:
Requested Certificates:
User Certificates:
Trusted Certificates:
Subject: CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 2000 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net
Subject: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net
Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net,C=US
3,建立自簽名證書
[oracle@bnet95 orapki]$ orapki wallet add -wallet ./wallets -dn "CN=dbasecurity Root,O=dbasecurity,C=US" -self_signed -validity 365 -keysize 1024
Enter wallet password:
[oracle@bnet95 orapki]$ orapki wallet display -wallet ./wallets
Enter wallet password:1
Requested Certificates:
User Certificates:
Subject: CN=dbasecurity Root,O=dbasecurity,C=US
Trusted Certificates:
Subject: CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: CN=dbasecurity Root,O=dbasecurity,C=US
Subject: OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 2000 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net
Subject: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net
Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net,C=US
4,建立證書請求
[oracle@bnet95 orapki]$ orapki wallet add -wallet ./wallets -dn "CN=dbasecurity Root,O=dbasecurity,C=US" -keysize 1024
Enter wallet password:
[oracle@bnet95 orapki]$ orapki wallet display -wallet ./wallets
Enter wallet password:
Requested Certificates:
Subject: CN=dbasecurity Root,O=dbasecurity,C=US
User Certificates:
Subject: CN=dbasecurity Root,O=dbasecurity,C=US
Trusted Certificates:
Subject: CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: CN=dbasecurity Root,O=dbasecurity,C=US
Subject: OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 2000 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net
Subject: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net
Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net,C=US
--匯出
[oracle@bnet95 orapki]$ orapki wallet export -wallet ./wallets -dn "CN=dbasecurity Root,O=dbasecurity,C=US" -request ./ronb.req
Enter wallet password:
[oracle@bnet95 orapki]$ ls -lrt
total 8
drwx------ 2 oracle oinstall 4096 Oct 11 09:19 wallets
-rw------- 1 oracle oinstall 600 Oct 11 09:42 ronb.req
5,簽名證書
[oracle@bnet95 orapki]$ orapki cert create -wallet ./wallets -request ./ronb.req -cert ./ronb.cert -validity 365
Enter wallet password:
[oracle@bnet95 orapki]$ ls -lrt
total 12
drwx------ 2 oracle oinstall 4096 Oct 11 09:19 wallets
-rw------- 1 oracle oinstall 600 Oct 11 09:42 ronb.req
-rw------- 1 oracle oinstall 722 Oct 11 09:44 ronb.cert
[oracle@bnet95 orapki]$ orapki wallet display -wallet ./wallets
Enter wallet password:
Requested Certificates:
Subject: CN=dbasecurity Root,O=dbasecurity,C=US
User Certificates:
Subject: CN=dbasecurity Root,O=dbasecurity,C=US
Trusted Certificates:
Subject: CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: CN=dbasecurity Root,O=dbasecurity,C=US
Subject: OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 2000 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net
Subject: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net
Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net,C=US
[oracle@bnet95 orapki]$ cat ronb.req
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBfTCB5wIBADA+MQswCQYDVQQGEwJVUzEUMBIGA1UEChMLZGJhc2Vjd**dHkxGTAXBgNVBAMT
EGRiYXNlY3VyaXR5IFJvb3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqICk+vHMexB1Xb
ic92vJSvOoVUV2NaYDsGcXjhZZvfXXAiAnllmE7OfVBNX7jsgXsA+1j0LS2l1IzpQpl/T1ECYNAa
gS3MD6b+qpuSRHtjKx9dC90M3w3US3EE3XiAZ2NErNoFx5HKfJZ4lCw0/lgTbhvXZ8Zew7ltJouX
hQovAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQAFdcRn9F4k2Bwg1KiFlSTLXTpahpxWk74+hhvF
ZlS3uSBufC9TI4c6lrQzameCbHpkjLXO4cWd4rDwm799rr63vaLpF9DRnszH6Kh8D7cfj9VpoDIP
ql3+vVepY/YmasacFuwiilE76DIRNu/q/zOQCA78xjdNnCmN3K+CxGyEZA==
-----END NEW CERTIFICATE REQUEST-----
[oracle@bnet95 orapki]$ cat ronb.cert
-----BEGIN CERTIFICATE-----
MIIB6zCCAVQCAQAwDQYJKoZIhvcNAQEEBQAwPjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC2RiYXNl
Y3VyaXR5MRkwFwYDVQQDExBkYmFzZWN1cml0eSBSb290MB4XDTEzMTAxMTAxNDQwMFoXDTE0MTAx
MTAxNDQwMFowPjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC2RiYXNlY3VyaXR5MRkwFwYDVQQDExBk
YmFzZWN1cml0eSBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKiApPrxzHsQdV24nP
dryUrzqFVFdjWmA7BnF44WWb311wIgJ5ZZhOzn1QTV+47IF7APtY9C0tpdSM6UKZf09RAmDQGoEt
zA+m/qqbkkR7YysfXQvdDN8N1EtxBN14gGdjRKzaBceRynyWeJQsNP5YE24b12fGXsO5bSaLl4UK
LwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAJeoK/OFIkgn0ctZgjcPY2x15j+uxliLLk+b5Am9kafg
GKYAPo6htnTdI+tsafSTJGRDul7pJ6ldgtQpz9wj4qRn2xN/46DZ4xeOOPdQvI9ezpH3FpTECDBb
+23kVt2mGvLkGXwlTq3je3WGQM/K1c1mlU3GBQBpNNKeZ0aWC3m/
-----END CERTIFICATE-----
6,新增證書到wallet
--add the cert into wallet
[oracle@bnet95 orapki]$ orapki wallet add -wallet ./wallets -user_cert -cert ./ronb.cert
Enter wallet password:
[oracle@bnet95 orapki]$ orapki wallet display -wallet ./wallets
Enter wallet password:
Requested Certificates:
Subject: CN=dbasecurity Root,O=dbasecurity,C=US
User Certificates:
Subject: CN=dbasecurity Root,O=dbasecurity,C=US
Trusted Certificates:
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net
Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 2000 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net
Subject: CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject: OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: CN=dbasecurity Root,O=dbasecurity,C=US
Subject: OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject: CN=dbasecurity Root,O=dbasecurity,C=US
Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU= incorp. by ref. (limits liab.),O=Entrust.net,C=US
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/18922393/viewspace-1069664/,如需轉載,請註明出處,否則將追究法律責任。