Oracle Wallet Manager enables you to store multiple certificates in each wallet, supporting any of the following Oracle PKI certificate usages:
SSL authentication
S/MIME signature
S/MIME encryption
Code-Signing
CA Certificate Signing
Each certificate request you create generates a unique private/public key pair. The private key stays in the wallet and the public key is sent with the request to a certificate authority. When that certificate authority generates your certificate and signs it, you can import it only into the wallet that has the corresponding private key.
If the wallet also contains a separate certificate request, the private/public key pair corresponding to that request is of course different from the pair for the first certificate request. Sending this separate certificate request to a certificate authority can get you a separate signed certificate, which you can import into this same wallet.
A single certificate request can be sent to a certificate authority multiple times to obtain multiple certificates. However, only one certificate corresponding to that certificate request can be installed in the wallet.
Oracle Wallet Manager uses the X.509 Version 3 KeyUsage extension to define Oracle PKI certificate usages (Table 6-1). A single certificate cannot be applied to all possible certificate usages. Table 6-2 and Table 6-3 show legal usage combinations.
When installing a certificate, Oracle Wallet Manager maps the KeyUsage extension values to Oracle PKI certificate usages as specified in Table 6-2 and Table 6-3.
Table 6-3 Oracle Wallet Manager Import of Trusted Certificates to an Oracle Wallet
You should obtain, from the certificate authority, certificates with the correct KeyUsage value matching your required Oracle PKI certificate usage. A single wallet can contain multiple key pairs for the same usage. Each certificate can support multiple Oracle PKI certificate usages, as indicated by Table 6-2 and Table 6-3. Oracle PKI applications use the first certificate containing the required PKI certificate usage.
For example, for SSL usage, the first certificate containing the SSL Oracle PKI certificate usage is used.
If you do not have a certificate with SSL usage, then an ORA-28885 error (No certificate with required key usage found) is returned.
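The two conditions described above (a certificate can be imported only into the wallet that holds the private key of its request, and its KeyUsage values decide which Oracle PKI usages it can serve) can be checked before import. This is an added example, not part of the Oracle documentation: it assumes the OpenSSL command-line tool and that the certificate and the certificate request are available as PEM files. The function names, file names and the self-signed demo data are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks to run on a CA-issued certificate before importing it.
set -eu

# SHA-256 digest of the public key carried by a certificate (PEM).
cert_pubkey_digest() {
  openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 digest of the public key carried by a certificate request (PEM).
req_pubkey_digest() {
  openssl req -in "$1" -noout -pubkey | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when the certificate ($1) carries the public key of the
# request ($2), i.e. it belongs to the key pair created with that request.
cert_matches_request() {
  [ "$(cert_pubkey_digest "$1")" = "$(req_pubkey_digest "$2")" ]
}

# Print the certificate's KeyUsage values, e.g. "Digital Signature, Key Encipherment".
cert_key_usage() {
  openssl x509 -in "$1" -noout -text |
    awk '/X509v3 Key Usage/ { getline; gsub(/^[ \t]+|[ \t]+$/, ""); print; exit }'
}

# Constructed sample data: a throwaway key, request and certificate named
# after $2 in directory $1. Self-signing stands in for the CA here.
make_demo() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$2.key" \
    -out "$1/$2.csr" -subj "/CN=$2.example" 2>/dev/null
  printf 'keyUsage = critical, digitalSignature, keyEncipherment\n' > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" \
    -extfile "$1/$2.ext" -days 1 -out "$1/$2.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir" wallet-a
make_demo "$demo_dir" wallet-b
cert_matches_request "$demo_dir/wallet-a.crt" "$demo_dir/wallet-a.csr" &&
  echo "wallet-a.crt matches wallet-a.csr"
cert_matches_request "$demo_dir/wallet-a.crt" "$demo_dir/wallet-b.csr" ||
  echo "wallet-a.crt does not match wallet-b.csr"
echo "KeyUsage: $(cert_key_usage "$demo_dir/wallet-a.crt")"
rm -rf "$demo_dir"
```

Compare the printed KeyUsage values against Table 6-2 and Table 6-3 to confirm that the certificate provides the Oracle PKI usage you need.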