5 Replies Latest reply: Nov 26, 2012 2:35 PM by Zoran Pavlovic RSS

    Setting of Oracle DB with SSL

    863906
      Hi,

      I want to setup Oracle DB 64Bit 11.2 to use SSL and Certificates (TCPS). I am new to this SSL and need help in setting of Oracle DB with SSL.

      I have installed Oracle DB 64Bit 11.2 on my Hosted machine. But I don't know how to setup SSL and certificates. From where i can get certificates. I understood that we can use openssl to create own certificates. But I am not sure I can install openssl on our oracle machines as per license.

      Please help me.
        • 1. Re: Setting of Oracle DB with SSL
          user11977218
          The main steps is :

          1 . Create and configure the server wallet
          2. Create and configure the client wallet
          3. Configure server side listenr , for example :

          LISTENER =
          (DESCRIPTION_LIST =
          (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = db_host.example.com)(PORT = 1521))
          )
          (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCPS)(HOST = db_host.example.com)(PORT = 1522))
          )
          )

          WALLET_LOCATION =
          (SOURCE=
          (METHOD=File)
          (METHOD_DATA=
          (DIRECTORY=/u01/10.2/server_wallet)))

          4. Client side sqlnet.ora :

          SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS)
          SSL_VERSION = 0
          SSL_CLIENT_AUTHENTICATION = TRUE

          WALLET_LOCATION =
          (SOURCE =
          (METHOD = FILE)
          (METHOD_DATA =
          (DIRECTORY = /u01/10.2/client_wallet)
          )
          )
          • 2. Re: Setting of Oracle DB with SSL
            863906
            Can you please provide more details on how to do the following:
            1 . Create and configure the server wallet
            2. Create and configure the client wallet
            • 3. Re: Setting of Oracle DB with SSL
              vlethakula
              check

              http://docs.oracle.com/cd/B28359_01/network.111/b28530/asossl.htm#CBHJBDGD

              Refer section 8.6.2
              • 4. Re: Setting of Oracle DB with SSL
                863906
                Could you please give some brief steps. The link given in above reply has vast data.

                Do I need any certificates if then how to create them. please provide some details. I want to use this environment for my development only.
                • 5. Re: Setting of Oracle DB with SSL
                  Zoran Pavlovic
                  First you should configure listener to use tcps using netca (just put tcps on protocols). After that you need to configure client and server part. On both sides, you can use netmgr (Network Manager). First start netmgr, then on encryption tab put Encryption type to required, and select appropriate algorithms, and thats it (do this on both sides - Under Encryption on client side put CLIENT, and on server side put SERVER) - Voila - you have your encryption!

                  If you need certificates you can create them by using openssl:
                  openssl req -new -newkey rsa:4096 -days 730 -nodes -x509 -keyout server.key -out server.crt
                  
                  openssl req -new -newkey rsa:4096 -days 730 -nodes -x509 -keyout client.key -out client.crt
                  Zoran