Why & How to Rotate ADB Wallet for DigiCert G1
Abotts Logo Abotts Partners with singapore based tech giant to help migrate their public sector customer from Sybase to SQL server.
Upworks Logo Abotts partners with NYPL to integrate with their partner libraries.
Abotts Logo ABOTTS partners with County in Los Angeles to upgrade their court infrastructure into new technologies.
Upworks Logo Upworks Inc partners with ABOTTS to build their Oracle Cloud Infrastructure (OCI) and migrate their custom applications to OCI.
Abotts partners with startup to manage and maintain their IT infrastructure and support SOC2 reporting.
Gnorth Logo Abotts Inc Partners with Gnorth consulting to deploy exadata and ODA for a large public sector customer.
Abotts Logo Abotts Partners with singapore based tech giant to help migrate their public sector customer from Sybase to SQL server.
Upworks Logo Abotts partners with NYPL to integrate with their partner libraries.
Abotts Logo ABOTTS partners with County in Los Angeles to upgrade their court infrastructure into new technologies.
Upworks Logo Upworks Inc partners with ABOTTS to build their Oracle Cloud Infrastructure (OCI) and migrate their custom applications to OCI.
Abotts partners with startup to manage and maintain their IT infrastructure and support SOC2 reporting.
Gnorth Logo Abotts Inc Partners with Gnorth consulting to deploy exadata and ODA for a large public sector customer.

Why & How to Rotate ADB Wallet for DigiCert G1

Wallet Rotation for DigiCert G1 Certificate End – Oracle Autonomous Database

 

Overview

Oracle Autonomous Database customers using mutual TLS (mTLS) authentication must prepare for the upcoming DigiCert G1 root certificate distrust.

Starting April 15, 2026, DigiCert will stop trusting G1 root certificates, which may impact database connectivity for wallets generated before January 28, 2026.

To ensure uninterrupted connectivity, organizations should update their database wallets before the deadline.

 

Background

DigiCert has announced the distrust of G1 root certificates.

Older wallets generated for Oracle Autonomous AI Database may contain these certificates.

Applications that use mTLS wallet-based authentication may fail to connect to the database once the certificate trust ends.

To prevent connectivity issues, a new wallet must be downloaded or rotated before April 15, 2026.

 

Wallet Rotation in OCI

Below are the steps followed to rotate and update the database wallet.

 

Step 1 – Login to OCI Console

Login to the **Oracle Cloud Infrastructure Console using your credentials.

Step 2 – Navigate to Autonomous Database

From the OCI Console menu:

Oracle Database

  → Autonomous Database

Step 3 – Select the Database

Locate and click the Autonomous Database instance for which the wallet needs to be updated.

Step 4 – Open Database Connection

Inside the database details page, navigate to:

Database Connection

This section contains the connection information and wallet management options.

Step 5 – Rotate the Wallet

Click the Rotate Wallet option.

OCI will automatically:

  • Generate a new wallet
  • Replace old certificates
  • Prepare a new secure connection bundle

Wait for the rotation process to complete.

Step 6 – Download the New Wallet

After rotation:

  1. Click Download Wallet
  2. Enter a wallet password
  3. Download the wallet ZIP file

This file contains:

  • tnsnames.ora
  • sqlnet.ora
  • ewallet.p12
  • cwallet.sso
  • Security certificates

Step 7 – Update Wallet Configuration

Extract the wallet ZIP file.

If your environment requires internal connectivity or private networking, update the HOST entry inside:

tnsnames.ora

Example:

HOST=<updated-host-or-ip>

After making changes:

  1. Save the file
  2. Repackage the wallet folder into a ZIP archive.

Step 8 – Store Wallet Securely

Upload the updated wallet to a secure credential management system or internal password vault.

Ensure:

  • Restricted access
  • Secure storage
  • Controlled distribution to application team

 

Validation

After updating the wallet, validate the connectivity.

Test database connections using:

  • SQL Developer
  • SQL*Plus
  • Application integrations

Ensure applications are using the new wallet package.

 

Best Practices

  •  Always download a new wallet before certificate expiration deadlines
  • Store wallets in secure vault systems
  • Avoid modifying wallet files unless required
  • Test connectivity after wallet updates
  • Remove old wallet versions if rotation invalidates them

 

Conclusion

With the DigiCert G1 certificate trust ending on April 15, 2026, updating database wallets is critical for maintaining uninterrupted database connectivity.

By rotating or downloading a new wallet from OCI and updating application configurations, organizations can ensure a smooth transition without service disruptions.