This discussion is archived
5 Replies Latest reply: Nov 26, 2012 12:35 PM by Zoran Pavlovic RSS

Setting of Oracle DB with SSL

863906 Newbie
Currently Being Moderated
Hi,

I want to setup Oracle DB 64Bit 11.2 to use SSL and Certificates (TCPS). I am new to this SSL and need help in setting of Oracle DB with SSL.

I have installed Oracle DB 64Bit 11.2 on my Hosted machine. But I don't know how to setup SSL and certificates. From where i can get certificates. I understood that we can use openssl to create own certificates. But I am not sure I can install openssl on our oracle machines as per license.

Please help me.
  • 1. Re: Setting of Oracle DB with SSL
    user11977218 Newbie
    Currently Being Moderated
    The main steps is :

    1 . Create and configure the server wallet
    2. Create and configure the client wallet
    3. Configure server side listenr , for example :

    LISTENER =
    (DESCRIPTION_LIST =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db_host.example.com)(PORT = 1521))
    )
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = db_host.example.com)(PORT = 1522))
    )
    )

    WALLET_LOCATION =
    (SOURCE=
    (METHOD=File)
    (METHOD_DATA=
    (DIRECTORY=/u01/10.2/server_wallet)))

    4. Client side sqlnet.ora :

    SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS)
    SSL_VERSION = 0
    SSL_CLIENT_AUTHENTICATION = TRUE

    WALLET_LOCATION =
    (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
    (DIRECTORY = /u01/10.2/client_wallet)
    )
    )
  • 2. Re: Setting of Oracle DB with SSL
    863906 Newbie
    Currently Being Moderated
    Can you please provide more details on how to do the following:
    1 . Create and configure the server wallet
    2. Create and configure the client wallet
  • 3. Re: Setting of Oracle DB with SSL
    vlethakula Expert
    Currently Being Moderated
    check

    http://docs.oracle.com/cd/B28359_01/network.111/b28530/asossl.htm#CBHJBDGD

    Refer section 8.6.2
  • 4. Re: Setting of Oracle DB with SSL
    863906 Newbie
    Currently Being Moderated
    Could you please give some brief steps. The link given in above reply has vast data.

    Do I need any certificates if then how to create them. please provide some details. I want to use this environment for my development only.
  • 5. Re: Setting of Oracle DB with SSL
    Zoran Pavlovic Explorer
    Currently Being Moderated
    First you should configure listener to use tcps using netca (just put tcps on protocols). After that you need to configure client and server part. On both sides, you can use netmgr (Network Manager). First start netmgr, then on encryption tab put Encryption type to required, and select appropriate algorithms, and thats it (do this on both sides - Under Encryption on client side put CLIENT, and on server side put SERVER) - Voila - you have your encryption!

    If you need certificates you can create them by using openssl:
    openssl req -new -newkey rsa:4096 -days 730 -nodes -x509 -keyout server.key -out server.crt
    
    openssl req -new -newkey rsa:4096 -days 730 -nodes -x509 -keyout client.key -out client.crt
    Zoran

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points