Skip to Main Content

Oracle Database Discussions

PKI-04001: Invalid Certificate

User_N725MSep 28 2022

I am trying to set up tcps connections using TLS 1.2
I am getting PKI-04001: Invalid Certificate when trying to install the user certificate.
I created a CSR with the oracle wallet
Create a certificate signing request
Do not use single quotes for spaces in -dn name
orapki wallet add -dn "CN=X99960AD01600V.UMPQ.UMPQUABANK.COM,OU=EIT - Cloud and Infrastructure Operations,O=Umpqua Bank,L=Hillsboro,ST=Oregon,C=US" -wallet /u01/app/oracle/wallet -keysize 2048 -pwd ********
I exported the CSR and sent it to my Cert Admin
He Provided a ROOT.cer, a INT.cer and the X99960AD01600V.pem created frpm the CSR
I installed the ROOT.cer and the INT.cer with no issues.
orapki wallet add -wallet "/u01/app/oracle/wallet" -pwd ************ -trusted_cert -cert "/etc/pki/ca-trust/source/anchors/ROOT.cer"
orapki wallet add -wallet "/u01/app/oracle/wallet" -pwd ************ -trusted_cert -cert "/etc/pki/ca-trust/source/anchors/INT.cer"
When I try to install the X99960AD01600V.pem as a user cert I receive the following error
orapki wallet add -wallet "/u01/app/oracle/wallet" -pwd *************** -user_cert -cert "/etc/pki/ca-trust/source/anchors/X99960AD01600V.pem"
Oracle PKI Tool Release - Production
Copyright (c) 2004, 2021, Oracle and/or its affiliates. All rights reserved.
PKI-04001: Invalid Certificate.
Could not install user cert at/etc/pki/ca-trust/source/anchors/X99960AD01600V.pem
Please add all trusted certificates before adding the user certificate
Please advise next steps

Post Details
Added on Sep 28 2022
1 comment