About Oracle Wallet Manager – Introduction
Security administrators use Oracle Wallet Manager to manage public key security credentials on Oracle clients and servers. The wallets it creates can be read by Oracle Database, Oracle Application Server 10g, and the Oracle Identity Management infrastructure.
Oracle Wallet Manager Overview
Oracle Wallet Manager is an application that wallet owners use to manage and edit the security credentials in their Oracle wallets. A wallet is a password-protected container used to store authentication and signing credentials, including private keys, certificates, and trusted certificates needed by SSL. You can use Oracle Wallet Manager to perform the following tasks:
- Generating certificate requests
- Opening wallets to access PKI-based services
- Saving credentials to hardware security modules, by using APIs that comply with the Public-Key Cryptography Standards #11 (PKCS #11) specification
- Uploading wallets to (and downloading them from) an LDAP directory
- Importing third-party PKCS #12-format wallets
- Exporting Oracle wallets to a third-party environment
Wallet Password Management
Oracle wallets are password protected. Oracle Wallet Manager includes an enhanced wallet password management module that enforces Password Management Policy guidelines, including the following:
- Minimum password length (8 characters)
- Maximum password length unlimited
- Alphanumeric character mix required
Strong Wallet Encryption
Oracle Wallet Manager stores private keys associated with X.509 certificates and uses Triple-DES encryption.
Starting Oracle Wallet Manager
- (Windows) Select Start, Programs, Oracle-HOME_NAME, Integrated Management Tools, Wallet Manager
- (UNIX) At the command line, enter owm.
How to Create a Complete Wallet: Process Overview
Wallets provide a necessary repository in which you can securely store your user certificates and the trust point you need to validate the certificates of your peers.
The following steps provide an overview of the complete wallet creation process:
- Use Oracle Wallet Manager to create a new wallet.
- Generate a certificate request. Note that when you create a new wallet with Oracle Wallet Manager, the tool automatically prompts you to create a certificate request.
- Send the certificate request to the CA you want to use. You can copy and paste the certificate request text into an e-mail message, or you can export the certificate request to a file. The certificate request becomes part of your wallet. It must remain there until you remove its associated certificate.
- When the CA sends your signed user certificate and its associated trusted certificate, import these certificates in the following order. User certificates and trusted certificates in the PKCS #7 format can be imported at the same time.
  - First, import the CA’s trusted certificate into your wallet. This step may be optional if the new user certificate has been issued by one of the CAs whose trusted certificate is already present in Oracle Wallet Manager by default.
  - After you have successfully imported the trusted certificate, import the user certificate that the CA sent to you into your wallet.
- (Optional) Set the auto login feature for your wallet. Typically, this feature, which enables PKI-based access to services without a password, is required for most wallets. It is required for the database server and client wallets. It is only optional for products that take the wallet password at the time of startup.
After completing the preceding process, you have a wallet that contains a user certificate and its associated trust points.
Required Guidelines for Creating Wallet Passwords
Because an Oracle wallet contains user credentials that can be used to authenticate the user to multiple databases, it is especially important to choose a strong wallet password. A malicious user who guesses the wallet password can access all the databases to which the wallet owner has access.
- Passwords must contain at least eight characters that consist of alphabetic characters combined with numbers or special characters.
- It is strongly recommended that users avoid choosing easily guessed passwords based on user names, phone numbers, or government identification numbers, such as “admin0,” “oracle1,” or “2135551212A.” This prevents a potential attacker from using personal information to deduce the users’ passwords.
- It is also a prudent security practice for users to change their passwords periodically, such as once in each month or once in each quarter.
- When you change passwords, you must regenerate auto-login wallets.
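The guidelines above can be checked before a wallet password is set. The following is an added example, not Oracle code or part of the original article; the function name `check_wallet_password` and the `personal_items` parameter are hypothetical. It shows that a password such as “2135551212A” passes the length and character-mix rules on their own and is only caught once it is compared against the owner's personal information.

```python
import re

MIN_LENGTH = 8  # minimum wallet password length stated in the guidelines above


def _normalise(text):
    """Lowercase and keep only letters and digits, so '213-555-1212' matches '2135551212'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_wallet_password(password, personal_items=()):
    """Return a list of guideline violations; an empty list means the password passes.

    personal_items (hypothetical parameter): user names, phone numbers or
    identification numbers tied to the wallet owner, supplied by the caller.
    """
    problems = []

    # Rule 1: at least eight characters.
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")

    # Rule 2: alphabetic characters combined with numbers or special characters.
    has_alpha = any(c.isalpha() for c in password)
    has_other = any(not c.isalpha() for c in password)
    if not (has_alpha and has_other):
        problems.append("needs letters combined with numbers or special characters")

    # Rule 3: not based on personal information. Tokens shorter than four
    # characters are skipped to avoid flagging incidental matches.
    norm = _normalise(password)
    for item in personal_items:
        token = _normalise(item)
        if len(token) >= 4 and token in norm:
            problems.append(f"contains personal information: {item}")

    return problems


if __name__ == "__main__":
    # Constructed sample data: the weak examples named in the guidelines,
    # plus one constructed strong password.
    owner_info = ["admin", "oracle", "213-555-1212"]
    for candidate in ["admin0", "oracle1", "2135551212A", "T7#vq9!LmZx2"]:
        print(candidate, "->", check_wallet_password(candidate, owner_info) or "OK")
```
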
Oracle Advanced Security is essential for securing valuable services and data. Oracle Wallet Manager provides a wide range of security levels with the help of recent technology and reduces the risk of security threats and information loss.
Ramya Manoharan is an Oracle Certified Technical Consultant at 4i Apps Solutions, an Oracle Platinum Partner company helping customers with enterprise application implementation and maintenance services and valuable support. She is a technology enthusiast and is always delighted to explore Oracle technologies to deliver the best-in-class solution to the customer.