2 Replies Latest reply: Jan 24, 2013 10:56 PM by 11g.DBA RSS

    security certificates for oracle..

      Hi DBAs,

      I want to secure my 11g database using SSL or any other certificates.I was trying on wallet manager.I created a certificate request form.
      What will be the further procedure for it?
      Buying and pasting a new certificate using wallet manager will do the cause or i need to do some more steps in this regard??
        • 1. Re: security certificates for oracle..
          Harm Joris ten Napel-Oracle

          the workflow is generally that you use Oracle Wallet manager to generate a certificate request, then have this certificate request
          signed with your prefered Certificate Authority like Verisign or any other trusted CA, then when you get the signed certificate back
          it is very important you can only import this in the wallet that has the pending certificate request (this is where it usually goes wrong:
          you cannot import the signed certificate into a new wallet). For more information, please see : Configuring NET8 TCP/IP via SSL (Doc ID 112490.1)

          There are many MOS notes about ssl, please clarify also for what purpose you want to use the certificate, like in your case
          I assume you want to setup ssl for sqlnet (tcps protocol), if you want a less complicated way to encrypt oracle network traffic
          you can use generic ASO encryption, but arguably ssl has the added benefit that your clients can be certain to communicate
          with the entity verified in the certificate, with 'simple' ASO encryption there 's in theory the risk of the dreaded man-in-the middle,


          Harm ten Napel

          Edited by: hnapel on Jan 24, 2013 8:32 AM
          • 2. Re: security certificates for oracle..
            My purpose for using certificate is just to encrypt my server for security reasons.

            Once the signed certificate is imported in the wallet of server,Are my database and clients connections secured or do i need to set some other parameters at client or server side?