Hello,
We have to setup an encrypted TLS 2484 connection between an ODP.NET client and our Oracle 12.2 RDBMS.
We only need to use server ssl, so no client ssl/authentication ==> server ssl certificate
Authentication at db level stays based on username/password.
I guess the above is possible ?
We are starting from a Java JKS keystore.
On the Oracle RDBMS side I the following steps must be taken, correct ?
- Create Java keystore and key-pair
- Create CSR
- Provide CSR to CA for signing
- Import root (and intermediate) CA certificate
- Import our CA-signed certificate
- Use orapki tool to create wallet from jks keystore.
- Configure Oracle and ora listener files so it uses port 2484 and the wallet.
It's not clear however what we have to do at the ODP.NET client side.
Given that we only use server ssl, do we need to create a wallet at the client side as well and if so what certificates does it have to contain ?
Below the current, non-encrypted connection (1521) configuration used by the client.
tnsnames.ora
XXX_PS =
(DESCRIPTION =
(ADDRESS\_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = xyz-db.abc.be)(PORT = 1521))
)
(CONNECT\_DATA =
(SERVICE\_NAME = myservice.zzz.BE)
)
)
Kr,
EDH