9.5 CERTIFICATE

Use the certificate command to add and delete X.509 certificates. This command uses an extension of the DBMS_USER_CERTS PL/SQL package. The DBMS_USER_CERTS PL/SQL package uses ADD_CERTIFICATE and DROP_CERTIFICATE subprograms to add and delete X.509 certificates which are used for signature verification for blockchain tables by the current user.

The sub-commands are:

• Add
• Add_Copy
• Drop
• List

9.5.1 Add

Adds an X.509 certificate.

Note:

• Pass the full path of the cert_file on the client machine.
• The certificates should be present on the client machine.

Syntax

certificate add {OPTIONS}

Options

Option	Description
Required
-cert_file | -cf <cert_file>	Specifies the X.509 certificate (saved as a file) used for signature verification of blockchain tables.
Optional
-cert_guid | -cg <cert_guid>	Specifies the Global Unique Identifier (GUID) for the certificate. This is an OUT parameter option, used for storing the output value of the command in a bind variable.
-wallet_path | -wallet <wallet_path>()	Specifies the location of the wallet. If `cert_file` is not provided, the certificate is extracted from the specified wallet and added to the user_certs$ table.
-wallet_password | -walletpwd <wallet_password>()	Specifies the password of the local wallet. The password is removed upon use and is not retained. If a wallet password is not provided, then you are prompted to enter the password.
-wallet_certificate_alias |-walletcertalias <wallet_certificate_alias>()	Specifies the alias of the certificate to be added.

Example

SQL> certificate add -cf <PATH_TO_FILE>/u2_cert.der

9.5.2 Add_Copy

Copies an X.509 certificate from one pluggable database to another while retaining its original GUID.

Note:

• Pass the full path of the cert_file on the client machine.
• The certificates should be present on the client machine.

Syntax

certificate add_copy {OPTIONS}

Options

Option	Description
Required
-cert_file | -cf <cert_file>	Specifies the X.509 certificate (saved as a file) used for signature verification of blockchain tables.
-cert_guid | -cg <cert_guid>	Specifies the Global Unique Identifier (GUID) for the certificate.
Optional
-username | -uname <username>	Specifies the user name. If specified, the certificate is added to the schema associated with the mentioned user name.

Example

SQL> certificate add_copy -cf <PATH_TO_FILE>/u2_cert.der -cg <ORIGINAL_GUID> -uname "u1"

9.5.3 Drop

Drops a certificate. This is used for signature verification of blockchain tables.

Syntax

certificate drop {OPTIONS}

Options

Option	Description
Required
-cert_guid | -cg <cert_guid>	Specifies the Global Unique Identifier (GUID) for the certificate.

Example

SQL> certificate drop -cg ":cg"

9.5.4 List

Lists all previously added certificates that can be used for signature verification of blockchain tables.

Syntax

certificate list|ls

Example

SQL> certificate list