1 reply. Latest reply: Sep 24, 2013 4:04 AM by iehf

How to create a wallet with orapki if the DN is null (for an SSL connection)

Jipeng

The server runs 11.1.0.6 32-bit on Windows 2003; it is a test server. The client is 11.2.0.3 with OAS installed.

code 1 (typed into cmd.exe)

cd C:\SSL

REM client wallet, in C:\SSL
orapki wallet create -wallet ./ -auto_login -pwd myclient99
orapki wallet add -wallet ./ -dn "CN=Josef D" -keysize 1024 -self_signed -validity 365 -pwd myclient99
orapki wallet export -wallet ./ -dn "CN=Josef D" -cert C:/SSL/client.cert
copy client.cert C:\SSL\server\client.cert

REM server wallet, in its own directory C:\SSL\server (otherwise the second create hits the client wallet)
cd server
orapki wallet create -wallet ./ -auto_login -pwd myserver99
orapki wallet add -wallet ./ -dn "CN=$%here is the problem$%" -keysize 1024 -self_signed -validity 365 -pwd myserver99
orapki wallet export -wallet ./ -dn "CN=$%here is the problem$%" -cert C:/SSL/server/db.cert
REM the server trusts the client certificate
orapki wallet add -wallet ./ -trusted_cert -cert client.cert -pwd myserver99
copy db.cert C:\SSL\db.cert

REM back in C:\SSL: the client trusts the server certificate
cd ..
orapki wallet add -wallet ./ -trusted_cert -cert db.cert -pwd myclient99

orapki wallet display -wallet ./ -pwd myclient99
cd server
orapki wallet display -wallet ./ -pwd myserver99

$%here is the problem$% will be replaced with the DN name. At first I used service_name, then SID, but neither of them did its job.

Now I can see that the wallets have exchanged the certificates.

The client wallet was copied to the client under C:\SSL.

On the server, listener.ora:

TRACE_LEVEL_LISTENER = ADMIN
TRACE_FILE_LISTENER = listener
TRACE_DIRECTORY_LISTENER = C:\app\Administrator\product\11.1.0\db_1\NETWORK\trace
LOG_FILE_LISTENER = listener
LOG_DIRECTORY_LISTENER = C:\app\Administrator\product\11.1.0\db_1\NETWORK\log
LOGGING_LISTENER = ON

SID_LIST_SSL_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (GLOBAL_DBNAME = ORCL2)
      (SID_NAME = ORCL2)
      (ORACLE_HOME = C:\app\Administrator\product\11.1.0\db_1)
    )
  )

SSL_LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 176.16.1.212)(PORT = 1521))
  )

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\SSL\server)
    )
  )

sqlnet.ora on the server:

SQLNET.AUTHENTICATION_SERVICES = (TCPS, BEQ)
SSL_SERVER_DN_MATCH = no

NAMES.DIRECTORY_PATH = (TNSNAMES, EZCONNECT)
SSL_CLIENT_AUTHENTICATION = TRUE
SSL_CIPHER_SUITES = (SSL_RSA_EXPORT_WITH_RC4_40_MD5)
SSL_VERSION = 0
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\SSL\server)
    )
  )
TRACE_DIRECTORY_SERVER = C:\app\Administrator\product\11.1.0\db_1\NETWORK\trace
TRACE_LEVEL_SERVER = SUPPORT
TRACE_FILE_SERVER = trace_server

sqlnet.ora on the client:

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\SSL)
    )
  )
SSL_VERSION = 0
SQLNET.AUTHENTICATION_SERVICES = (TCPS, BEQ)
SSL_SERVER_DN_MATCH = no
SSL_CIPHER_SUITES = (SSL_RSA_EXPORT_WITH_RC4_40_MD5)
SSL_CLIENT_AUTHENTICATION = TRUE
NAMES.DIRECTORY_PATH = (TNSNAMES, EZCONNECT)
TRACE_DIRECTORY_CLIENT = C:\SSL
TRACE_LEVEL_CLIENT = USER
TRACE_FILE_CLIENT = trace_user

tnsnames.ora on the client:

test_server76 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = 176.16.1.212)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SID = ORCL2)
    )
  )

test_server76-CHECK =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 176.16.1.212)(PORT = 1521))
    (CONNECT_DATA =
      (SERVICE_NAME = ORCL2.TESTER.INTERN)
    )
    (SECURITY = (SSL_SERVER_CERT_DN = "CN=$%here is the problem$%"))
  )

Connect and run:

create user connectjd identified externally as 'CN=Josef D';
grant create session to connectjd;

-- then on the client
sqlplus /nolog
conn /@test_server76-CHECK
ORA-28864: SSL connection closed gracefully

Something seems to be wrong:

1. select * from V$ENCRYPTION_WALLET;

WRL_TYPE    WRL_PARAMETER                             STATUS
--------    ---------------------------------------   ------
file        C:\APP\ADMINISTRATOR\ADMIN\ORCL2\WALLET   open

2. show parameter dn;

NAME                    TYPE        VALUE
----------------------  ----------  ------------------------
rdbms_server_dn         string

?? The DN is null ??

show parameter name;

NAME                    TYPE        VALUE
----------------------  ----------  ------------------------
db_file_name_convert    string
db_name                 string      orcl2
db_unique_name          string      orcl2
global_names            boolean     false
instance_name           string      orcl2
lock_name_space         string
log_file_name_convert   string
service_names           string      orcl2.tester.intern

How can I get the right DN? Can I just use any string I like? I cannot connect to the server from outside our company.

I'm really thankful for every suggestion!
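An added example, not from the original post or from Oracle: a small Python audit of the client-side files shown in this thread. It parses the Oracle Net NV syntax used by sqlnet.ora and tnsnames.ora, flags the weak settings in the files above (SSL_VERSION = 0, the export RC4/MD5 cipher suite, SSL_SERVER_DN_MATCH = no, which means any certificate the wallet trusts is accepted for any server) and checks that each TCPS alias carries an SSL_SERVER_CERT_DN equal to the DN the server wallet was created with. That DN is whatever string was passed to `orapki wallet add -dn`; it is not derived from the database, and RDBMS_SERVER_DN (the database's entry in an LDAP directory for enterprise user security) is not where SQL*Net looks for it. The DN CN=orcl2.tester.intern, the hardened sqlnet.ora and the cipher suite name in it are assumptions for the example; which SSL_VERSION values and suite names a given Oracle release accepts has to be checked against its documentation. The two tnsnames aliases mirror the thread's test_server76 (no SECURITY clause) and test_server76-CHECK.

```python
"""Audit client-side Oracle Net SSL settings (sqlnet.ora + tnsnames.ora). Constructed example, not Oracle code."""
import re

_TOKEN = re.compile(r'\s*(\(|\)|=|,|"[^"]*"|[^\s()=,]+)')  # ( ) = , "quoted" or bare word
WEAK_CIPHER_MARKERS = ('EXPORT', 'RC4', 'MD5', '_DES_', 'NULL', 'ANON')

def _tokenize(text):                                    # whole-line '#' comments are dropped
    return [m.group(1) for m in _TOKEN.finditer(re.sub(r'(?m)^\s*#.*$', '', text))]

def _add(node, key, val):
    prev = node.get(key)                                # repeated keys (ADDRESS, ...) -> list
    node[key] = val if prev is None else (prev if isinstance(prev, list) else [prev]) + [val]

def parse_net(text):
    """Parse Oracle Net NV syntax into nested dicts, lists and strings."""
    toks, i = _tokenize(text), 0

    def value():
        nonlocal i
        if toks[i] != '(':                              # scalar
            i += 1
            return toks[i - 1].strip('"')
        if toks[i + 2:i + 3] != ['=']:                  # (A, B, C): a plain list
            end = toks.index(')', i)
            i, items = end + 1, [t.strip('"') for t in toks[i + 1:end] if t != ',']
            return items
        node = {}
        while toks[i:i + 1] == ['('] and toks[i + 2:i + 3] == ['=']:   # (K = V)(K = V)...
            key = toks[i + 1].upper()
            i += 3
            _add(node, key, value())
            if toks[i:i + 1] != [')']:
                raise ValueError(f'missing ")" after {key}')
            i += 1
        return node

    root = {}
    while i < len(toks):
        key = toks[i].upper()
        if toks[i + 1:i + 2] != ['=']:
            raise ValueError(f'expected "=" after {key}')
        i += 2
        _add(root, key, value())
    return root

def normalize_dn(dn):                                   # 'cn = x , O=y' -> 'CN=x,O=y'
    return ','.join(f'{t.strip().upper()}={v.strip()}'
                    for t, _, v in (rdn.partition('=') for rdn in dn.split(',')))

def audit_sqlnet(cfg):
    """Findings for the SSL-relevant keys of a parsed sqlnet.ora."""
    f, ver = [], str(cfg.get('SSL_VERSION', '0'))
    if ver in ('0', '3.0', '1.0'):                      # 0 = "any version the peer offers"
        f.append(f'SSL_VERSION={ver}: pin the newest TLS version both ends support')
    suites = cfg.get('SSL_CIPHER_SUITES', [])
    for s in ([suites] if isinstance(suites, str) else suites):
        if any(mark in s.upper() for mark in WEAK_CIPHER_MARKERS):
            f.append(f'weak cipher suite {s}')
    if str(cfg.get('SSL_SERVER_DN_MATCH', 'no')).lower() not in ('yes', 'on', 'true'):
        f.append('SSL_SERVER_DN_MATCH off: any cert the wallet trusts is accepted for any server')
    return f

def audit_tnsnames(cfg, server_wallet_dn):
    """Every TCPS alias should pin the DN the server wallet was created with."""
    f = []
    for alias, entry in cfg.items():
        d = entry.get('DESCRIPTION', {}) if isinstance(entry, dict) else {}
        addrs = d.get('ADDRESS') or d.get('ADDRESS_LIST', {}).get('ADDRESS', [])
        if not any(a.get('PROTOCOL', '').upper() == 'TCPS'
                   for a in ([addrs] if isinstance(addrs, dict) else addrs)):
            continue
        dn = d.get('SECURITY', {}).get('SSL_SERVER_CERT_DN')
        if dn is None:
            f.append(f'{alias}: no SECURITY=(SSL_SERVER_CERT_DN=...) to check the server cert against')
        elif normalize_dn(dn) != normalize_dn(server_wallet_dn):
            f.append(f'{alias}: SSL_SERVER_CERT_DN {dn!r} differs from wallet DN {server_wallet_dn!r}')
    return f

# Constructed inputs: the thread's client sqlnet.ora (weak) beside an assumed hardened variant.
SQLNET_WEAK = r"""
SSL_VERSION = 0
SSL_SERVER_DN_MATCH = no
SSL_CIPHER_SUITES= (SSL_RSA_EXPORT_WITH_RC4_40_MD5)
SQLNET.AUTHENTICATION_SERVICES = (TCPS,BEQ)
"""
SQLNET_HARDENED = r"""
# accepted SSL_VERSION values and suite names depend on the Oracle release
SSL_VERSION = 1.2
SSL_SERVER_DN_MATCH = yes
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA)
"""
TNSNAMES = r"""
test_server76-CHECK = (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 176.16.1.212)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = ORCL2.TESTER.INTERN))
    (SECURITY = (SSL_SERVER_CERT_DN = "cn = orcl2.tester.intern")))
test_server76 = (DESCRIPTION =
    (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCPS)(HOST = 176.16.1.212)(PORT = 1521)))
    (CONNECT_DATA = (SID = ORCL2)))
"""
SERVER_WALLET_DN = 'CN=orcl2.tester.intern'   # assumed: the -dn given to 'orapki wallet add'
```

Run `audit_sqlnet(parse_net(SQLNET_WEAK))` against the thread's settings and it reports three findings (the "any" SSL version, the export suite and the disabled DN match); the hardened variant reports none. `audit_tnsnames(parse_net(TNSNAMES), SERVER_WALLET_DN)` accepts test_server76-CHECK, because the DN is compared after normalising case of the attribute type and whitespace, and flags test_server76 for having no DN to check at all. The DN match only bites once SSL_SERVER_DN_MATCH is turned on in the client's sqlnet.ora; with it off, the SECURITY clause is never consulted.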
