
    how to create a wallet with orapki if the DN is null (for an SSL connect)

    Jipeng

      The server runs 11.1.0.6 32-bit on Windows 2003; it is a test server. The client is 11.2.0.3 with OAS installed.

      code 1

      REM Client wallet: created in C:\SSL, self-signed cert "CN=Josef D", then the cert is exported for the server.
      REM The wallet passwords are passed with -pwd on every command line, so they land in the console history;
      REM orapki prompts for the password when -pwd is omitted (worth preferring outside a throw-away test box).
      cd C:\SSL

      orapki wallet create -wallet ./ -auto_login -pwd myclient99

      REM -keysize 1024: 1024-bit RSA is below today's usual minimum; acceptable only for this isolated test.
      orapki wallet add -wallet ./ -dn "CN=Josef D" -keysize 1024 -self_signed -validity 365 -pwd myclient99

      orapki wallet export -wallet ./ -dn "CN=Josef D" -cert C:/SSL/client.cert

      copy client.cert C:\SSL\server\client.cert

      REM Server wallet. A "cd server" appears to be missing right before this line: the later "cd .." and
      REM "copy db.cert c:\SSL\db.cert" only make sense if these commands run in C:\SSL\server, which is also
      REM the directory listener.ora and the server sqlnet.ora point at. As listed, this would reuse C:\SSL.
      orapki wallet create -wallet ./ -auto_login -pwd myserver99

      REM $%here is the problem$% is the author's placeholder for the server certificate DN (see the text below).
      orapki wallet add -wallet ./ -dn "CN=$%here is the problem$%" -keysize 1024 -self_signed -validity 365 -pwd myserver99

      orapki wallet export -wallet ./ -dn "CN=$%here is the problem$%" -cert C:/SSL/server/db.cert

      REM Server trusts the client's self-signed cert (needed because SSL_CLIENT_AUTHENTICATION = TRUE on the server).
      orapki wallet add -wallet . -trusted_cert -cert client.cert -pwd myserver99

      copy db.cert c:\SSL\db.cert

      cd ..

      REM Client trusts the server's self-signed cert; this completes the mutual exchange.
      orapki wallet add -wallet ./ -trusted_cert -cert db.cert -pwd myclient99

       

       

      REM Verification: both wallets should now list their own user cert plus the other side's cert as trusted.
      orapki wallet display -wallet ./ -pwd myclient99

      cd server

      orapki wallet display -wallet ./ -pwd myserver99

      $%here is the problem$% will be replaced with the DN name; at first I used the service_name, then the SID, but neither of them worked.

      now I can see that the wallets have exchanged the certificates

      the client wallet was copied to the client under C:\SSL.

       

      on the server, listener.ora

      listener.ora

      # listener.ora (server side): listener logging/tracing, one static SID, one TCPS endpoint and the wallet it uses.
      # ADMIN-level listener tracing is verbose; presumably turned on to debug the SSL handshake.
      TRACE_LEVEL_LISTENER = ADMIN

      TRACE_FILE_LISTENER = listener

      TRACE_DIRECTORY_LISTENER =C:\app\Administrator\product\11.1.0\db_1\NETWORK\trace

      LOG_FILE_LISTENER = listener

      LOG_DIRECTORY_LISTENER =C:\app\Administrator\product\11.1.0\db_1\NETWORK\log

      LOGGING_LISTENER = ON

       

      # Static registration of ORCL2 with the SSL listener. GLOBAL_DBNAME here is ORCL2, while the client's
      # test_server76-CHECK alias asks for SERVICE_NAME=ORCL2.TESTER.INTERN (the instance's service_names value);
      # unless the instance also registers dynamically with this listener, that alias may not find a service.
      # "lsnrctl status" for SSL_LISTENER would show which services are actually offered.
      SID_LIST_SSL_LISTENER =

         (SID_LIST =

           (SID_DESC =

        (GLOBAL_DBNAME = ORCL2)

        (SID_NAME = ORCL2)

        (ORACLE_HOME =C:\app\Administrator\product\11.1.0\db_1)

           )

         )

       

      # Single TCPS endpoint on 1521; both tnsnames.ora aliases on the client point at this address.
      SSL_LISTENER =

         (DESCRIPTION =

           (ADDRESS = (PROTOCOL = TCPS)(HOST = 176.16.1.212)(PORT =  1521))

         )

       

       

      # Wallet the listener presents during the TLS handshake; same directory as the server sqlnet.ora wallet.
      WALLET_LOCATION = (SOURCE=

            (METHOD = FILE)

            (METHOD_DATA =

           (DIRECTORY=C:\SSL\server

            )))

       

      sqlnet.ora on server

      sqlnet.ora on server

      # sqlnet.ora (server side).
      # TCPS in the authentication list is what lets a certificate-authenticated session map onto a user
      # created "identified externally" (connectjd below) — per Oracle Net docs.
      SQLNET.AUTHENTICATION_SERVICES= (TCPS, BEQ)

      # Per Oracle Net docs this is a client-side parameter; on the server it is presumably ignored.
      SSL_SERVER_DN_MATCH=no

       

      NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

      # Server requires a client certificate; the client cert was imported as trusted into C:\SSL\server above.
      SSL_CLIENT_AUTHENTICATION = TRUE

      # The only suite offered is export-grade (40-bit RC4, MD5) as its name says; keep that to this test bench.
      SSL_CIPHER_SUITES= (SSL_RSA_EXPORT_WITH_RC4_40_MD5)

      # 0 reads as "any version" in Oracle Net terms — confirm what an 11.1 server and 11.2 client actually negotiate.
      SSL_VERSION = 0

      # Must be the same wallet the listener uses (it is: C:\SSL\server).
      WALLET_LOCATION =

         (SOURCE =

           (METHOD = FILE)

           (METHOD_DATA =

        (DIRECTORY = C:\SSL\server)

           )

         )

      # SUPPORT-level server trace into the same directory the listener traces to.
      TRACE_DIRECTORY_SERVER = C:\app\Administrator\product\11.1.0\db_1\NETWORK\trace

      trace_level_server = SUPPORT

      TRACE_FILE_server = trace_server

      sqlnet.ora on client

      sqlnet.ora on client

      # sqlnet.ora (client side).
      # Client wallet: the one created with myclient99 in C:\SSL and holding db.cert as a trusted cert.
      WALLET_LOCATION = (SOURCE=

           (METHOD = FILE)

           (METHOD_DATA =

          (DIRECTORY=C:\SSL

           )))

      # Same "any version" setting as on the server — see the server sqlnet.ora note.
      SSL_VERSION = 0

      SQLNET.AUTHENTICATION_SERVICES = (TCPS,BEQ)

      # With DN match off, the client does not compare the server certificate's DN against
      # SSL_SERVER_CERT_DN / the service name (per Oracle Net docs), so whatever DN the server wallet
      # ends up with is not checked on this path; it only starts to matter once this is set to yes.
      SSL_SERVER_DN_MATCH = no

      # Must intersect the server's list; here it is the same single export-grade suite.
      SSL_CIPHER_SUITES= (SSL_RSA_EXPORT_WITH_RC4_40_MD5)

      # Client presents its own certificate (CN=Josef D) when the server asks for one.
      SSL_CLIENT_AUTHENTICATION = TRUE

      NAMES.DIRECTORY_PATH= (TNSNAMES,EZCONNECT)

      # USER-level client trace written next to the wallet.
      TRACE_DIRECTORY_CLIENT =C:\SSL

      trace_level_client = USER

      TRACE_FILE_CLIENT = trace_user

      tnsnames.ora on client

      tnsnames.ora on client

      # tnsnames.ora (client side).
      # Plain TCPS alias addressing the instance by SID; no server DN expectation is declared here.
      test_server76 =

        (DESCRIPTION =

          (ADDRESS_LIST =

            (ADDRESS = (PROTOCOL = TCPS)(HOST = 176.16.1.212)(PORT = 1521))

          )

          (CONNECT_DATA =

            (SID = ORCL2)

          )

        )

       

       

      # Alias used in the failing "conn /@test_server76-CHECK" attempt below.
      # SERVICE_NAME here is ORCL2.TESTER.INTERN, whereas the listener's static entry registers GLOBAL_DBNAME = ORCL2.
      test_server76-CHECK =

         (DESCRIPTION =

           (ADDRESS = (PROTOCOL = TCPS)(HOST = 176.16.1.212)(PORT = 1521))

           (CONNECT_DATA =

         (SERVICE_NAME=ORCL2.TESTER.INTERN)

          )

        # Expected server certificate DN. Per Oracle Net docs it is only enforced when the client sqlnet.ora
        # has SSL_SERVER_DN_MATCH=yes; the client config above sets it to no, so this value is not what
        # rejects the connection on this path.
        (SECURITY=(SSL_SERVER_CERT_DN="CN=$%here is the problem$%"))

           )

      connect

      -- Map the client certificate DN to a database user. The string is the same -dn that was given to
      -- "orapki wallet add" for the client wallet ("CN=Josef D"); it has to match the certificate's DN
      -- as Oracle formats it, or the externally identified login will not find this user.
      create user connectjd identified externally as 'CN=Josef D';

      -- Least privilege for the test: the user can only open a session.
      grant create session to connectjd;

       

       

      -- then on the client

      Sqlplus /nolog

      conn /@test_server76-CHECK

      ora-28864: SSL connection closed gracefully

      something seems to be wrong:

      1. select * from V$ENCRYPTION_WALLET;

      WRL_TYPE    WRL_PARAMETER                             STATUS

      -----------------------------------------------------------------

      file        C:\APP\ADMINISTRATOR\ADMIN\ORCL2\WALLET   open

       

      2. show parameter dn;

      name                    type                          value

      -----------------------------------------------------------------

      rdbms_server_dn         string

      ??the DN is null??

       

      show parameter name;

      name                            type              value

      -----------------------------------------------------------------------

      db_file_name_convert            string               

      db_name                             string      orcl2

      db_unique_name                  string     orcl2

      global_names                      boolean   false

      instance_name                    string      orcl2

      lock_name_space                string

      log_file_name_convert           string

      service_names                     string      orcl2.tester.intern

       

       

      How can I get the right DN? Can I just use any string I want? I cannot connect to the server from outside our company.

      I'm really thankful for every suggestion!