Getting "PKI-04006: No matching private key in the wallet" When Importing a Certificate to an Oracle Wallet

Getting "PKI-04006: No matching private key in the wallet" When Importing a Certificate to an Oracle

Getting "PKI-04006: No matching private key in the wallet" When Importing a Certificate to an Oracle

Titleimage

Posted by Patrick Hamou on 2017:09:08 14:41:06

APPLIES TO:

Oracle HTTP Server - Version 10.1.2.0.0 and later
Information in this document applies to any platform.
 

SYMPTOMS

Getting the following error when importing a certificate to a newly created wallet:

PKI-04006: No matching private key in the wallet.

CAUSE

The "No matching private key in the wallet" error happens when attempting to install a user certificate to a wallet with no matching private key present. This could happen when installing a certificate to a wallet where the certificate request was NOT created there.

SOLUTION

Make sure that the user certificate is being installed to the wallet where the certificate request was created. 

For 11g:
Note 1226933.1 Configuring Oracle HTTP Server to use SSL in Fusion Middleware 11g (11.1.1.X)
- See the following for using orapki to generate the new request (CSR) :
Note 1226834.1 How To Create a Wallet via Fusion Middleware Control in FMW 11g
Note 1226654.1 How To Create a Wallet via ORAPKI in FMW 11g

For 12c:
Note 1662675.1 Configuring Oracle HTTP Server to use SSL in Fusion Middleware 12c (12.1.X)
- See the following for using orapki to generate the new request (CSR):
Note 1631346.1 How To Create a Wallet via Fusion Middleware Control in Fusion Middleware 12c
Note 1629906.1 How To Create a Wallet via ORAPKI in Fusion Middleware 12c

Note: This can also happen when attempting workarounds for unsupported certificate types, such as SAN certificates, not supported by OHS, Wallets or orapki:

Note 2225494.1 Support Status for Wildcard, SNI and SAN SSL Certificates for Oracle HTTP Server 11g/12c

Posted by Patrick Hamou on 2017:09:08 14:41:06

Return to Blog