Secure Oracle mTLS with Custom Wallets
# Secure Oracle Access with mTLS Wallets
*A hands-on guide to configuring Oracle wallets for secure mutual TLS (mTLS) connections using existing PEM keys and certificates with OpenSSL and orapki.*
---
A few days ago, I configured an Oracle wallet to establish mutual TLS (mTLS) connections for a client.
Mutual TLS is a more secure variation of TLS where both the client and the server authenticate each other using certificates.
It's widely used in environments where secure, authenticated communication is critical — such as APIs between internal services or business partners.
In this post, I'll walk you through the steps I used to configure an Oracle wallet from an existing private key and certificates using `OpenSSL` and `orapki`.
This method is especially useful when you're provided with PEM-format certificates and keys and need to get them into a format Oracle can use.
---
## 🔐 What is mTLS?
**Mutual TLS (mTLS)** ensures both ends of a connection — the client and the server — verify each other's identity using certificates. Unlike standard TLS, where only the server presents a certificate, mTLS adds an extra layer of security by also requiring the client to present its certificate.
This is essential in APIs that need strong trust between both sides of the communication.
---
## 🛠️ Step-by-Step Setup: Create Oracle Wallet from PEM Keys
---
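Before building the archive in step 1, it is worth confirming that the private key matches the certificate, that the certificate chains to the root CA, and that it is not about to expire. The script below is an added example, not part of the original post; `check_pem_bundle` is a hypothetical helper name and it assumes the private key is unencrypted.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): sanity-check the PEM inputs
# before bundling them with `openssl pkcs12 -export`.
# check_pem_bundle is a hypothetical helper name; it assumes an unencrypted
# private key (an encrypted one makes openssl ask for the passphrase).

check_pem_bundle() {  # usage: check_pem_bundle CERT KEY ROOTCA
  local cert=$1 key=$2 ca=$3 cert_pub key_pub

  # 1. Both files must parse, and must carry the same public key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "FAIL: cannot parse certificate $cert"; return 1; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
    { echo "FAIL: cannot read private key $key"; return 1; }
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL: private key does not match certificate"; return 1; }

  # 2. The certificate must chain to the root CA passed as -certfile.
  #    Match on the "OK" line rather than relying on the exit status alone.
  openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' ||
    { echo "FAIL: $cert does not verify against $ca"; return 1; }

  # 3. Refuse a certificate that is expired or expires within 30 days.
  openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
    { echo "FAIL: certificate is expired or expires within 30 days"; return 1; }

  # 4. Warn (non-fatal) when the key is accessible by group or others.
  case $(ls -ld "$key") in
    -???------*) ;;
    *) echo "WARN: $key is accessible beyond its owner; consider chmod 600" >&2 ;;
  esac

  echo "OK: key, certificate and root CA are consistent"
}

# Example call with the paths used in step 1:
#   W=/u01/app/oracle/product/19.0.0/orcl/wallet
#   check_pem_bundle "$W/yourapi.domain.com.crt" "$W/yourapi.domain.com.key" "$W/rootca.crt"
```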
### ✅ 1. Generate a `.p12` File Using OpenSSL
Combine your certificate, its private key, and the root CA certificate into a single PKCS#12 archive (`.p12` file):
```bash
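# Bundle the certificate (-in), its private key (-inkey) and the root CA
# certificate (-certfile) into openssl.p12. With no -passout option,
# openssl prompts for an export password that protects the archive.
openssl pkcs12 -export \
  -in /u01/app/oracle/product/19.0.0/orcl/wallet/yourapi.domain.com.crt \
  -inkey /u01/app/oracle/product/19.0.0/orcl/wallet/yourapi.domain.com.key \
  -certfile /u01/app/oracle/product/19.0.0/orcl/wallet/rootca.crt \
  -out openssl.p12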