oracle-wallet

Original | Oracle | Author: redhouser | Date: 2014-01-12 08:38:43

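A wallet is a container for storing certificates and passwords. The tools for managing it include orapki and OWM.

The tests are as follows:
1. Get help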
[oracle@bnet95 ~]$ mkdir orapki
[oracle@bnet95 ~]$ cd orapki
[oracle@bnet95 orapki]$ orapki
orapki [crl|wallet|cert|help]

[oracle@bnet95 orapki]$ orapki wallet help
wallet:
create [-wallet [wallet]] [-auto_login] [-pwd ]
display [-wallet [wallet]] <-summary> [-pwd ]
add [-wallet [wallet]] <[-keysize [512|1024|2048]] [-dn [dn]]
     <-self_signed [-validity [days]> <[-cert [filename]]
     [-trusted_cert|-user_cert]> [-pwd ]
export [-wallet [wallet]] <-cert [filename]> <-request [filename]> [-pwd ]
export_trust_chain [-wallet ] -certchain [-dn ] [-pwd ]
p11_add [-wallet ] -p11_lib [-p11_tokenlabel ] [-p11_tokenpw ] [-p11_certlabel ] [-pwd ]
p11_verify [-wallet ] [-pwd ]
help

[oracle@bnet95 orapki]$ orapki cert help
cert:
display [-cert [url|filename]] <-summary> <-complete>
create [-wallet [wallet]] [-request [url|filename]] [-cert [filename]]
     [-validity [days]] <-summary> [-pwd ]
help

[oracle@bnet95 orapki]$ orapki crl help
crl:
display [-crl [url|filename]] <-wallet [wallet]> <-summary> <-complete> [-pwd ]
hash [-crl [url|filename]] <-wallet [wallet]> <-symlink [directory]>
     <-copy [directory]> <-summary> [-pwd ]
upload [-crl [url|filename]] [-ldap [host:port]] [-user [user]]
     <-wallet [wallet]> <-summary> [-pwd ]
list [-ldap [host:port]]
delete [-issuer [ [issuer]] [-ldap [host:port]] [-user [user]]
     <-wallet [wallet]> <-summary>
help


2. Create a wallet
[oracle@bnet95 orapki]$ orapki wallet create -wallet ./wallets
Enter password:   [123456]
  
Enter password again:   
[oracle@bnet95 orapki]$ ls -lrt
total 4
drwx------ 2 oracle oinstall 4096 Oct 11 09:19 wallets

[oracle@bnet95 orapki]$ ls -lrt wallets
total 8
-rw------- 1 oracle oinstall 7912 Oct 11 09:19 ewallet.p12


[oracle@bnet95 orapki]$ orapki wallet display -wallet ./wallets
Enter wallet password:   
Requested Certificates:
User Certificates:
Trusted Certificates:
Subject:        CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 2000 Entrust.net Limited,OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US


3. Create a self-signed certificate

[oracle@bnet95 orapki]$ orapki wallet add -wallet ./wallets -dn "CN=dbasecurity Root,O=dbasecurity,C=US" -self_signed -validity 365 -keysize 1024
Enter wallet password:      


[oracle@bnet95 orapki]$ orapki wallet display -wallet ./wallets
Enter wallet password:1    
Requested Certificates:
User Certificates:
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
Trusted Certificates:
Subject:        CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
Subject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 2000 Entrust.net Limited,OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US


4. Create a certificate request
[oracle@bnet95 orapki]$ orapki wallet add -wallet ./wallets -dn "CN=dbasecurity Root,O=dbasecurity,C=US" -keysize 1024
Enter wallet password:  
[oracle@bnet95 orapki]$ orapki wallet display -wallet ./wallets
Enter wallet password:    
  
Requested Certificates:
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
User Certificates:
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
Trusted Certificates:
Subject:        CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
Subject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 2000 Entrust.net Limited,OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US


--export
[oracle@bnet95 orapki]$ orapki wallet export -wallet ./wallets  -dn "CN=dbasecurity Root,O=dbasecurity,C=US" -request ./ronb.req
Enter wallet password:    
[oracle@bnet95 orapki]$ ls -lrt
total 8
drwx------ 2 oracle oinstall 4096 Oct 11 09:19 wallets
-rw------- 1 oracle oinstall  600 Oct 11 09:42 ronb.req


5. Sign the certificate
[oracle@bnet95 orapki]$ orapki cert create -wallet ./wallets -request ./ronb.req -cert ./ronb.cert -validity 365
Enter wallet password:   
[oracle@bnet95 orapki]$ ls -lrt
total 12
drwx------ 2 oracle oinstall 4096 Oct 11 09:19 wallets
-rw------- 1 oracle oinstall  600 Oct 11 09:42 ronb.req
-rw------- 1 oracle oinstall  722 Oct 11 09:44 ronb.cert


[oracle@bnet95 orapki]$ orapki wallet display -wallet ./wallets
Enter wallet password:     
Requested Certificates:
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
User Certificates:
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
Trusted Certificates:
Subject:        CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
Subject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 2000 Entrust.net Limited,OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US


[oracle@bnet95 orapki]$ cat ronb.req
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----

[oracle@bnet95 orapki]$ cat ronb.cert
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----


6. Add the certificate to the wallet
--add the cert into wallet
[oracle@bnet95 orapki]$ orapki wallet add -wallet ./wallets -user_cert -cert ./ronb.cert
Enter wallet password:     
  
[oracle@bnet95 orapki]$ orapki wallet display -wallet ./wallets
Enter wallet password:   
Requested Certificates:
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
User Certificates:
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
Trusted Certificates:
Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 2000 Entrust.net Limited,OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
Subject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US
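
Added example (not part of the original post and not Oracle's code): a small Python parser for the `orapki wallet display` output shown in steps 2 to 6. It lists subjects that appear in more than one section, or more than once under Trusted Certificates, as happens after step 6. The sample text is constructed from the output above and the function names are hypothetical.

```python
import re
from collections import Counter

SECTIONS = ("Requested Certificates", "User Certificates", "Trusted Certificates")

# Constructed sample: mirrors the step 6 `orapki wallet display` output, trimmed.
SAMPLE = r"""Requested Certificates:
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
User Certificates:
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
Trusted Certificates:
Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
Subject:        CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject:        CN=dbasecurity Root,O=dbasecurity,C=US
"""

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash-escaped commas."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip(), value.replace("\\,", ",").strip()))
    return pairs

def parse_display(text):
    """Return {section name: [subject DN, ...]} from the display listing."""
    wallet = {name: [] for name in SECTIONS}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":") and line[:-1] in SECTIONS:
            current = line[:-1]
        elif line.startswith("Subject:") and current:
            wallet[current].append(line[len("Subject:"):].strip())
    return wallet

def audit(wallet):
    """Report subjects that sit in more than one section or repeat as trusted."""
    req, user, trusted = (wallet[s] for s in SECTIONS)
    return {
        "request_with_user_cert": sorted(set(req) & set(user)),
        "user_cert_also_trusted": sorted(set(user) & set(trusted)),
        "duplicate_trusted": sorted(d for d, n in Counter(trusted).items() if n > 1),
    }

if __name__ == "__main__":
    for finding, subjects in audit(parse_display(SAMPLE)).items():
        print(finding, subjects)
```

The listing carries only subject DNs, so key size and signature algorithm (steps 3 and 4 use `-keysize 1024`) have to be checked on the certificate itself.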

From "ITPUB Blog", link: http://blog.itpub.net/18922393/viewspace-1069664/. If you repost, please credit the source; otherwise legal liability will be pursued.
