Skip to Main Content

Oracle Database Discussions

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Configuring database SSL connection on Oracle 11.2.0.4

DavidFaizDec 19 2016 — edited Dec 21 2016

Hello,

I've used the following guide

https://oracle-base.com/articles/misc/configure-tcpip-with-ssl-and-tls-for-database-connections#client-wallet-and-certif…

to configure a SSL connection between the database server and client.

I've configured it for Oracle 12g and client without any issues, but when I attempt to configure for Oracle 11.2.0.4 server & 11.2.0.4.0 client.

But when I attempt to connect via SQLPLUS, I'm redirected to the TCP port (1521) instead of the TCPS port (which I've configured to 1522).

The connection attempt is recorded in the listener log as follows:

Mon Dec 19 16:44:58 2016

19-DEC-2016 16:44:58 * 12560

TNS-12560: TNS:protocol adapter error

TNS-00540: SSL protocol adapter failure

  64-bit Windows Error: 61: Unknown error

19-DEC-2016 16:44:58 * (CONNECT_DATA=(SERVICE_NAME=VDB)(CID=(PROGRAM=C:\oracle\ora112\client\bin\sqlplus.exe)(HOST=2012R2-SC-2)(USER=Administrator))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.220.70)(PORT=50101)) * establish * NNVSDB * 0

The sqlnet.ora file:

WALLET_LOCATION =

   (SOURCE =

     (METHOD = FILE)

     (METHOD_DATA =

       (DIRECTORY = C:\oracle\wallet)

     )

   )

SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS)

SSL_CLIENT_AUTHENTICATION = FALSE

SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)

The listener.ora file:

ADR_BASE_NNVSDB_LISTENER = C:\oracle

SSL_CLIENT_AUTHENTICATION = FALSE

WALLET_LOCATION =

  (SOURCE =

    (METHOD = FILE)

    (METHOD_DATA =

      (DIRECTORY = C:\oracle\wallet)

    )

  )

VDB_LISTENER =

  (DESCRIPTION_LIST =

    (DESCRIPTION =

  (ADDRESS = (PROTOCOL = TCPS)(HOST = 192.168.220.71)(PORT = 1522))

      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.220.71)(PORT = 1521))

    )

  )

SID_LIST_VDB_LISTENER =

  (SID_LIST =

    (SID_DESC =

      (SID_NAME = VDB)

      (ORACLE_HOME = C:\oracle\ora112)

    )

  )

Please advise.

Message was edited by: DavidFaiz, added listener.ora & sqlnet.ora files.

This post has been answered by Vlad Visan-Oracle on Dec 20 2016
Jump to Answer

Comments

BalazsT

Hi,

I have the same issue but only when I try to add an instance to my existing cluster, I have already an SR open with Oracle let's see what they reply.

If you have access to the Oracle Support site you will be able find a document how to setup an InnoDB Cluster from scratch.

Basically you can create 3 empty databases, make sure that no transactions are running or logged:

SET sql_log_bin = OFF;

CREATE USER clusteradmin@'%' IDENTIFIED BY 'xxx';

GRANT ALL PRIVILEGES ON mysql_innodb_cluster_metadata.* TO clusteradmin@'%' WITH GRANT OPTION;

GRANT SELECT, RELOAD, SHUTDOWN, PROCESS, FILE, SUPER, REPLICATION SLAVE, REPLICATION CLIENT, CREATE USER ON *.* TO clusteradmin@'%' WITH GRANT OPTION;

GRANT INSERT, UPDATE, DELETE ON mysql.* TO clusteradmin@'%' WITH GRANT OPTION;

SET sql_log_bin = ON;

RESET MASTER;

SELECT @@global.gtid_executed;   --this must return no rows

Then you can use mysqlsh to setup the cluster.

Alexandre Almeida

Hi there,

Could you share all the config/option files? (my.cnf)

1 - 2
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Jan 18 2017
Added on Dec 19 2016
20 comments
1,455 views