- 3,716,128 Users
- 2,242,960 Discussions
- 7,845,836 Comments
- 17 Data
- 362.2K Big Data Appliance
- 7 Data Science
- 1.6K Databases
- 479 General Database Discussions
- 22 Multilingual Engine
- 487 MySQL Community Space
- 5 NoSQL Database
- 7.6K Oracle Database Express Edition (XE)
- 2.8K ORDS, SODA & JSON in the Database
- 417 SQLcl
- 42 SQL Developer Data Modeler
- 184.9K SQL & PL/SQL
- 21K SQL Developer
- 1.9K Development
- 3 Developer Projects
- 32 Programming Languages
- 135.1K Development Tools
- 9 DevOps
- 3K QA/Testing
- 259 Java
- 6 Java Learning Subscription
- 11 Database Connectivity
- 67 Java Community Process
- 1 Java 25
- 9 Java APIs
- 141.1K Java Development Tools
- 6 Java EE (Java Enterprise Edition)
- 153K Java Essentials
- 135 Java 8 Questions
- 86.2K Java Programming
- 270 Java Lambda MOOC
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 10 Java SE
- 13.8K Java Security
- 3 Java User Groups
- 18 Programs
- 125 LiveLabs
- 31 Workshops
- 9 Software
- 3 Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 4 Deutsche Oracle Community
- 11 Español
- 1.9K Japanese
- 2 Portuguese
Oracle 12.2 TLS connection - ODP.NET client configuration
We have to setup an encrypted TLS 2484 connection between an ODP.NET client and our Oracle 12.2 RDBMS.
We only need to use server ssl, so no client ssl/authentication ==> server ssl certificate
Authentication at db level stays based on username/password.
I guess the above is possible ?
We are starting from a Java JKS keystore.
On the Oracle RDBMS side I the following steps must be taken, correct ?
- Create Java keystore and key-pair
- Create CSR
- Provide CSR to CA for signing
- Import root (and intermediate) CA certificate
- Import our CA-signed certificate
- Use orapki tool to create wallet from jks keystore.
- Configure Oracle and ora listener files so it uses port 2484 and the wallet.
It's not clear however what we have to do at the ODP.NET client side.
Given that we only use server ssl, do we need to create a wallet at the client side as well and if so what certificates does it have to contain ?
Below the current, non-encrypted connection (1521) configuration used by the client.
(ADDRESS = (PROTOCOL = TCP)(HOST = xyz-db.abc.be)(PORT = 1521))
(SERVICE_NAME = myservice.zzz.BE)