I have created a script to add trusted certificate chains to an orapki wallet from the Linux command line; no web browser is needed. It reads sites from a list and adds the certificate chains of those sites to an orapki (auto login) wallet.
Usage
Start the script with ./certs_to_wallet.sh <path to wallet>. This will prompt you for the creation of a NEW (auto login) wallet. The old wallet will be backed up. In case of permission or password errors, the backup will be restored.
It reads a wallet_sites.lst file from the current directory or the wallet directory. The wallet directory takes precedence, so you can have a list of sites per wallet. The list is processed one site per line, and the certificate chain of each site is added to the given wallet (the last line should be empty).
The site’s user certificate is not added, as it is not a ‘trusted’ certificate; leaving it out should avoid ORA-29024 errors for some products. It is also not needed in the wallet as a user certificate for checking the certificate chain.
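The steps described above, as an added sketch that is not the author's certs_to_wallet.sh: it reads the site list, fetches each presented chain with openssl s_client, skips the site's own certificate and adds the rest with orapki wallet add. It assumes the wallet already exists (no creation, backup or restore), and the function names, the add_chain.sh file name and the numbering of the skipped certificate as 00 are assumptions.

```shell
#!/bin/sh
# Added example (not the author's certs_to_wallet.sh). POSIX sh; needs openssl and orapki.

# normalize_site LINE: prints host:port; prints nothing for comments and blank lines.
normalize_site() {
  site=$(printf '%s' "$1" | sed -e 's/#.*//' -e 's/[[:space:]]//g')
  [ -n "$site" ] || return 0
  case $site in
    *:*) printf '%s\n' "$site" ;;
    *)   printf '%s:443\n' "$site" ;;      # default port noted in wallet_sites.lst
  esac
}

# split_chain PREFIX: reads `openssl s_client -showcerts` output on stdin and writes
# every PEM block except the first (the site's own certificate) to PREFIX.01, PREFIX.02, ...
# Prints the name of each file written. Numbering the skipped leaf as 00 is an assumption.
split_chain() {
  awk -v prefix="$1" '
    /-----BEGIN CERTIFICATE-----/ { out = sprintf("%s.%02d", prefix, n); keep = (n > 0); n++; inblock = 1 }
    inblock && keep               { print > out }
    /-----END CERTIFICATE-----/   { if (keep) { close(out); print out }; inblock = 0 }
  '
}

# add_site WALLET PASSWORD HOST:PORT: fetch the presented chain, add it as trusted certs.
add_site() {
  host=${3%%:*}
  echo "Getting certificate chain from: $3"
  openssl s_client -connect "$3" -servername "$host" -showcerts </dev/null 2>/dev/null |
    split_chain "./$host.certs" |
    while read -r cert; do
      echo "Adding $cert"
      # -pwd on the command line is visible in the process list while orapki runs
      orapki wallet add -wallet "$1" -trusted_cert -cert "$cert" -pwd "$2" </dev/null
    done
}

# Usage (hypothetical file name): sh add_chain.sh WALLET_DIR PASSWORD [SITE_LIST]
if [ "$#" -ge 2 ]; then
  # `|| [ -n "$line" ]` also processes a final line that lacks a trailing newline
  while IFS= read -r line || [ -n "$line" ]; do
    site=$(normalize_site "$line")
    if [ -n "$site" ]; then add_site "$1" "$2" "$site"; fi
  done < "${3:-wallet_sites.lst}"
fi
```

The certificates added are whatever each server presents at fetch time, so review the Trusted Certificates subjects that orapki lists before relying on the wallet.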
Script
Please feel free to adapt the script to your own needs. Rename to ‘.sh’.
wallet_sites.lst
    # Add sites to this list and they will be added to the specified wallet
    # If no port is specified, 443 will be used
    oracle48.nl:443
    www.transfer-solutions.com:443
Output
    [oracle@lara chain]$ ./certs_to_wallet.sh /u01/app/oracle/wallet
    Passwords must have a minimum length of eight characters and contain alphabetic characters combined with numbers or special characters
    Password for new wallet:
    Backing-up wallet to /u01/app/oracle/wallet/ewallet.p12.20201130110848
    Backing-up auto_login to /u01/app/oracle/wallet/cwallet.sso.20201130110848
    Creating new wallet
    Getting certificate chain from: oracle48.nl:443
    Adding ./oracle48.nl.certs.01
    Getting certificate chain from: www.transfer-solutions.com:443
    Adding ./www.transfer-solutions.com.certs.01
    Adding ./www.transfer-solutions.com.certs.02
    Oracle PKI Tool Release 19.0.0.0.0 - Production
    Version 19.3.0.0.0
    Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
    Requested Certificates:
    User Certificates:
    Trusted Certificates:
    Subject: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
    Subject: CN=GlobalSign RSA DV SSL CA 2018,O=GlobalSign nv-sa,C=BE
    Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3
    Done
That's it, have fun!