Bash script: Trusted certificate chains to orapki wallet

I have created a script to add trusted certificate chains to an orapki wallet from the Linux command line, and there is no web browser needed. It reads sites from a list and adds the certificate chains of those sites to an orapki (auto login) wallet.


Start the script with ./ <path to wallet> . This will prompt you for a NEW wallet (auto login) creation. The old wallet will be backed-up. In case of permission of password errors, the backup will be restored.

It reads a wallet_sites.lst file from the current directory or the wallet directory. The wallet directory takes preference, so you can have a list of sites per wallet. A site per line will be processed and the certificate chain will be added to the given wallet (the last line should be empty).

The site’s user certificate is not added as this is not a ‘trusted’ certificate and should avoid ORA-29024 errors for some products. It’s not needed in the wallet as user certificate either for checking the certificate chain.


Please feel free to adapt the script to your own needs. Rename to ‘.sh’.


# Add sites to this list and they will be added to the specified wallet
# If no port is specified, 443 will be used


[oracle@lara chain]$ ./ /u01/app/oracle/wallet
Passwords must have a minimum length of eight characters and contain alphabetic characters combined with numbers or special characters
Password for new wallet:
Backing-up wallet to /u01/app/oracle/wallet/ewallet.p12.20201130110848
Backing-up auto_login to /u01/app/oracle/wallet/cwallet.sso.20201130110848
Creating new wallet
Getting certificate chain from:
Adding ./
Getting certificate chain from:
Adding ./
Adding ./
Oracle PKI Tool Release - Production
Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
User Certificates:
Trusted Certificates:
Subject: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
Subject: CN=GlobalSign RSA DV SSL CA 2018,O=GlobalSign nv-sa,C=BE
Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3

Thats it, have fun!

Tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.