
DATABASE CONNECTION WITH A CERTIFICATE

Database Connection to an Oracle Database authenticated with a Certificate

Instead of connecting to the database with a username and password, it is also possible to connect with a username and a certificate.

To be able to log in to the database with a certificate we need a wallet on the database server and a wallet on the client.

In this example we use self-signed certificates. The process for trusted certificates is similar.

CERTIFICATE CREATION ON THE SERVER

First we need to create a wallet on the server:

mkdir -p /u01/app/oracle/admin/TDB01/wallet
orapki wallet create -wallet /u01/app/oracle/admin/TDB01/wallet/ -auto_login -pwd welcome1

Then we need to create a self-signed certificate for the server:

orapki wallet add -wallet /u01/app/oracle/admin/TDB01/wallet/ -dn "CN=oelvm02" -keysize 1024 -self_signed -validity 365 -pwd welcome1

To add this certificate to the client wallet we need to export it:

orapki wallet export -wallet /u01/app/oracle/admin/TDB01/wallet/ -dn "CN=oelvm02" -cert /tmp/serv

CERTIFICATE CREATION ON THE CLIENT

First we need to create a wallet on the client:

mkdir -p /u01/app/oracle/admin/wallet
orapki wallet create -wallet /u01/app/oracle/admin/wallet/ -auto_login -pwd welcome1

Then we need to create a self-signed certificate for the client:

orapki wallet add -wallet /u01/app/oracle/admin/wallet/ -dn "CN=oelvm01" -keysize 1024 -self_signed -validity 365 -pwd welcome1

To add this certificate to the server wallet we need to export it:

orapki wallet export -wallet /u01/app/oracle/admin/wallet/ -dn "CN=oelvm01" -cert /u01/app/oracle/admin/wallet/client.crt

ADD CLIENT CERTIFICATE TO SERVER WALLET

Copy the client.crt file to the server and add it to the server wallet as a trusted certificate:

orapki wallet add -wallet /u01/app/oracle/admin/TDB01/wallet/ -trusted_cert -cert /u01/app/oracle/admin/TDB01/wallet/client.crt -pwd welcome1

ADD SERVER CERTIFICATE TO CLIENT WALLET

Copy the server.crt file to the client and add it to the client wallet as a trusted certificate:

orapki wallet add -wallet /u01/app/oracle/admin/wallet/ -trusted_cert -cert /u01/app/oracle/admin/wallet/server.crt -pwd welcome1

NETWORK CONFIGURATION ON SERVER

To use encrypted communication with this certificate we need to create a TCPS listener endpoint. If you use Grid Infrastructure you have to use srvctl to add the endpoint.

LISTENER.ORA

SSL_CLIENT_AUTHENTICATION = TRUE

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
    )
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 1523))
    )
  )

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /u01/app/oracle/admin/TDB01/wallet))
  )

SQLNET.ORA

SQLNET.AUTHENTICATION_SERVICES=(TCPS,NTS)
SSL_CLIENT_AUTHENTICATION = TRUE

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /u01/app/oracle/admin/TDB01/wallet))
  )

TNSNAMES.ORA

tdb01_tcps =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = oelvm02)(PORT = 1523))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = TDB01_DB1.localdomain)
    )
  )

NETWORK CONFIGURATION ON CLIENT

SQLNET.ORA

SQLNET.AUTHENTICATION_SERVICES=(TCPS,NTS)
SSL_CLIENT_AUTHENTICATION = TRUE

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /u01/app/oracle/admin/wallet))
  )

TNSNAMES.ORA

tdb01_tcps =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = oelvm02)(PORT = 1523))
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = TDB01_DB1.localdomain)
    )
  )
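Added example, not code from the original document: a Python consistency check over the four Oracle Net files above. It parses Oracle Net's parenthesised syntax and reports the three mistakes that most often break this setup: SSL_CLIENT_AUTHENTICATION not TRUE on one side, the listener and the server's sqlnet.ora opening different wallets, and the client alias dialling a host and port for which the listener has no TCPS endpoint (the listener above binds TCPS on localhost while the client alias dials oelvm02, which a client on another machine will not reach). It also flags an alias that falls back to plain TCP, where neither the certificate nor encryption applies. The sample configurations are constructed to mirror the document's layout; the function names are the example's own.

```python
# Added example, not part of the original document: a consistency check over the
# listener.ora / sqlnet.ora / tnsnames.ora parameters the certificate login relies
# on. The sample configs at the bottom are constructed to mirror the document.
import re
_TOKEN = re.compile(r"[^\s=()]+")


class OraNetParser:       # recursive-descent parser for Oracle Net's '(KEY = value)' syntax
    def __init__(self, text):                   # '#' comments are stripped first
        self.s = "\n".join(ln.split("#", 1)[0] for ln in text.splitlines())
        self.i = 0
    def parse(self):                            # -> {NAME: value}; value is str or [(KEY, value), ...]
        out = {}
        while self._peek():
            name = self._token()
            self._peek(); self._expect("=")
            out[name.upper()] = self._value()
        return out
    def _peek(self):                            # skip whitespace, return next char ('' at end)
        while self.i < len(self.s) and self.s[self.i].isspace():
            self.i += 1
        return self.s[self.i:self.i + 1]
    def _token(self):
        if not (m := _TOKEN.match(self.s, self.i)):
            raise ValueError(f"expected token at offset {self.i}")
        self.i = m.end()
        return m.group(0)
    def _expect(self, ch):
        if self.s[self.i:self.i + 1] != ch:
            raise ValueError(f"expected {ch!r} at offset {self.i}")
        self.i += 1
    def _value(self):
        if self._peek() != "(":
            return self._token()                # scalar: TRUE, 1523, a directory path
        groups = []
        while self._peek() == "(":
            groups.append(self._group())
        return groups
    def _group(self):
        self._expect("(")
        self._peek(); start = self.i
        try:
            key = self._token(); self._peek(); self._expect("=")
        except ValueError:                      # keyless list such as (TCPS,NTS)
            self.i = self.s.index(")", start) + 1
            return (None, self.s[start:self.i - 1].strip())
        val = self._value(); self._peek(); self._expect(")")
        return (key.upper(), val)

def find_all(value, key):                       # every value stored under `key`, any depth
    if isinstance(value, list):
        for k, v in value:
            if k == key:
                yield v
            yield from find_all(v, key)

def addresses(value):                           # (PROTOCOL, HOST, PORT) for each ADDRESS group
    for addr in find_all(value, "ADDRESS"):
        d = {k: v for k, v in addr if isinstance(v, str)} if isinstance(addr, list) else {}
        yield d.get("PROTOCOL", "").upper(), d.get("HOST", "").lower(), d.get("PORT", "")

def wallet_dir(cfg):
    return next(find_all(cfg.get("WALLET_LOCATION", []), "DIRECTORY"), None)

def check_tls_setup(listener_ora, server_sqlnet_ora, client_sqlnet_ora, client_tnsnames_ora):
    """Return a list of findings; an empty list means the four files agree."""
    listener, srv, cli, tns = map(lambda t: OraNetParser(t).parse(),
                                  (listener_ora, server_sqlnet_ora, client_sqlnet_ora, client_tnsnames_ora))
    findings = []
    # Both ends must require the client certificate, or IDENTIFIED EXTERNALLY AS 'CN=...' never matches.
    for name, cfg in (("listener.ora", listener), ("server sqlnet.ora", srv), ("client sqlnet.ora", cli)):
        if str(cfg.get("SSL_CLIENT_AUTHENTICATION", "")).upper() != "TRUE":
            findings.append(f"{name}: SSL_CLIENT_AUTHENTICATION is not TRUE")
    if wallet_dir(listener) != wallet_dir(srv):   # listener and sqlnet.ora must open one wallet
        findings.append(f"server wallet mismatch: listener.ora {wallet_dir(listener)!r}, sqlnet.ora {wallet_dir(srv)!r}")
    # Every endpoint the client dials must be a TCPS endpoint the listener actually binds.
    tcps = {a for a in addresses(listener.get("LISTENER", [])) if a[0] == "TCPS"}
    for alias, desc in tns.items():
        for proto, host, port in addresses(desc):
            if proto != "TCPS":
                findings.append(f"{alias}: uses {proto}, not TCPS, so no certificate and no encryption")
            elif (proto, host, port) not in tcps:
                findings.append(f"{alias}: dials TCPS {host}:{port} but listener TCPS endpoints are {sorted(tcps)}")
    return findings

LISTENER_ORA = """SSL_CLIENT_AUTHENTICATION = TRUE
LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521)))
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = oelvm02)(PORT = 1523))))
WALLET_LOCATION = (SOURCE = (METHOD = FILE)(METHOD_DATA = (DIRECTORY = /u01/app/oracle/admin/TDB01/wallet)))
"""
SERVER_SQLNET_ORA = """SQLNET.AUTHENTICATION_SERVICES=(TCPS,NTS)
SSL_CLIENT_AUTHENTICATION = TRUE
WALLET_LOCATION = (SOURCE = (METHOD = FILE)(METHOD_DATA = (DIRECTORY = /u01/app/oracle/admin/TDB01/wallet)))
"""
CLIENT_SQLNET_ORA = SERVER_SQLNET_ORA.replace("/admin/TDB01/wallet", "/admin/wallet")
CLIENT_TNSNAMES_ORA = """tdb01_tcps = (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCPS)(HOST = oelvm02)(PORT = 1523)))
  (CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = TDB01_DB1.localdomain)))
"""
```

Run `check_tls_setup(LISTENER_ORA, SERVER_SQLNET_ORA, CLIENT_SQLNET_ORA, CLIENT_TNSNAMES_ORA)` on the sample set and it returns an empty list; feed it the files from the server and client as read from disk and each returned string names the file and the parameter to correct. The sample listener binds TCPS on oelvm02 rather than localhost so that the consistent case is demonstrable; swapping the host back to localhost, as in the document's listener.ora, produces the endpoint finding.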

DATABASE USER CREATION

To use the certificate when signing in we have to create the user with external authentication, using the DN of the client certificate (here its CN) as the identity:

SQL> create user test identified externally as 'CN=oelvm01';
SQL> grant connect, create session to test;

TEST CONFIGURATION

SQLPLUS TEST

The slash in place of a username and password tells SQL*Plus to authenticate externally, here with the certificate from the client wallet:

sqlplus /@tdb01_tcps

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/network-encryption-in-modern-relational-database-management-systems/

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/how-to-setting-up-encrypted-communications-channels-in-oracle-database/
