Getting "PKI-04006: No matching private key in the wallet" When Importing a Certificate to an Oracle
Getting "PKI-04006: No matching private key in the wallet" When Importing a Certificate to an Oracle
Titleimage
Posted by Patrick Hamou on 2017:09:08 14:41:06
APPLIES TO:
Oracle HTTP Server - Version 10.1.2.0.0 and later
Information in this document applies to any platform.
SYMPTOMS
Getting the following error when importing a certificate to a newly created wallet:
PKI-04006: No matching private key in the wallet.
CAUSE
The "No matching private key in the wallet" error happens when attempting to install a user certificate to a wallet with no matching private key present. This could happen when installing a certificate to a wallet where the certificate request was NOT created there.
SOLUTION
Make sure that the user certificate is being installed to the wallet where the certificate request was created.
For 11g:
Note 1226933.1 Configuring Oracle HTTP Server to use SSL in Fusion Middleware 11g (11.1.1.X)
- See the following for using orapki to generate the new request (CSR) :
Note 1226834.1 How To Create a Wallet via Fusion Middleware Control in FMW 11g
Note 1226654.1 How To Create a Wallet via ORAPKI in FMW 11g
For 12c:
Note 1662675.1 Configuring Oracle HTTP Server to use SSL in Fusion Middleware 12c (12.1.X)
- See the following for using orapki to generate the new request (CSR):
Note 1631346.1 How To Create a Wallet via Fusion Middleware Control in Fusion Middleware 12c
Note 1629906.1 How To Create a Wallet via ORAPKI in Fusion Middleware 12c
Note: This can also happen when attempting workarounds for unsupported certificate types, such as SAN certificates, not supported by OHS, Wallets or orapki:
Note 2225494.1 Support Status for Wildcard, SNI and SAN SSL Certificates for Oracle HTTP Server 11g/12c
Posted by Patrick Hamou on 2017:09:08 14:41:06