OracleDB Connection With Certificate
CERTIFICATE
Database connection to an Oracle database authenticated with a certificate
Then we need to create a self-signed server certificate for the server:
orapki wallet add -wallet /u01/app/oracle/admin/TDB01/wallet/ -dn "CN=oelvm02" -keysize 1024 -self_signed -validity 365 -pwd welcome1
To add this certificate to the client wallet we need to export this certificate:
orapki wallet export -wallet /u01/app/oracle/admin/TDB01/wallet/ -dn "CN=oelvm02" -cert /tmp/serv
CERTIFICATE CREATION ON THE CLIENT
Then we need to create a self-signed certificate for the client:
orapki wallet add -wallet /u01/app/oracle/admin/wallet/ -dn "CN=oelvm01" -keysize 1024 -self_signed -validity 365 -pwd welcome1
To add this certificate to the server wallet we need to export this certificate:
orapki wallet export -wallet /u01/app/oracle/admin/wallet/ -dn "CN=oelvm01" -cert /u01/app/oracle/admin/wallet/client.crt
Copy the client.crt file to the server and add it to the wallet:
orapki wallet add -wallet /u01/app/oracle/admin/TDB01/wallet -trusted_cert -cert /u01/app/oracle/admin/TDB01/wallet/client.crt -pwd welcome1
Copy the server.crt file to the client and add it to the wallet:
orapki wallet add -wallet /u01/app/oracle/admin/wallet -trusted_cert -cert /u01/app/oracle/admin/wallet/server.crt -pwd welcome1
NETWORK CONFIGURATION ON SERVER
LISTENER.ORA
SSL_CLIENT_AUTHENTICATION = TRUE
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
    )
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 1523))
    )
  )
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /u01/app/oracle/admin/TDB01/wallet))
  )
SQLNET.ORA
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS)
SSL_CLIENT_AUTHENTICATION = TRUE
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /home/oracle/Wallets/server_wallet))
  )
TNSNAMES.ORA
tdb01_tcps =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = oelvm02)(PORT = 1523))
    )
    (CONNECT_DATA = (SERVICE_NAME = TDB01_DB1.localdomain))
  )
NETWORK CONFIGURATION ON CLIENT
SQLNET.ORA
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS)
SSL_CLIENT_AUTHENTICATION = TRUE
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /u01/app/oracle/admin/wallet))
  )
TNSNAMES.ORA
tdb01_tcps =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = oelvm02)(PORT = 1523))
    )
    (CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = TDB01_DB1.localdomain))
  )
TEST CONFIGURATION
SQLPLUS TEST
sqlplus /@tdb01_tcps
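A static pre-flight check for the server-side listener.ora and sqlnet.ora, run before the sqlplus test. This is an added example, not part of the original document or of Oracle's tooling; the function names are hypothetical and the sample inputs are constructed, reusing this page's parameter names and wallet paths with an unclosed WALLET_LOCATION left in to exercise the parenthesis check. It assumes each parameter starts in column 1 and continuation lines are indented.

```python
import re

def parse_ora(text):
    """Map top-level NAME = value entries; indented lines continue the previous entry."""
    params, name = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        m = re.match(r"([A-Za-z_][\w.]*)\s*=\s*(.*)", line)
        if m:                                         # parameter starting in column 1
            name = m.group(1).upper()
            params[name] = m.group(2)
        elif line.strip() and name:                   # continuation of a nested value
            params[name] += " " + line.strip()
    return params

def wallet_dir(params):
    m = re.search(r"DIRECTORY\s*=\s*([^)\s]+)", params.get("WALLET_LOCATION", ""), re.I)
    return m.group(1).rstrip("/") if m else None

def check_server(listener_text, sqlnet_text):
    lsn, net, findings = parse_ora(listener_text), parse_ora(sqlnet_text), []
    for fname, p in (("listener.ora", lsn), ("sqlnet.ora", net)):
        findings += [f"{fname}: unbalanced parentheses in {k}"
                     for k, v in p.items() if v.count("(") != v.count(")")]
        if p.get("SSL_CLIENT_AUTHENTICATION", "").strip().upper() != "TRUE":
            findings.append(f"{fname}: SSL_CLIENT_AUTHENTICATION is not TRUE")
        if wallet_dir(p) is None:
            findings.append(f"{fname}: WALLET_LOCATION has no DIRECTORY")
    if not re.search(r"PROTOCOL\s*=\s*TCPS\b", lsn.get("LISTENER", ""), re.I):
        findings.append("listener.ora: LISTENER has no TCPS address")
    services = re.findall(r"\w+", net.get("SQLNET.AUTHENTICATION_SERVICES", "").upper())
    if "TCPS" not in services:
        findings.append("sqlnet.ora: TCPS missing from SQLNET.AUTHENTICATION_SERVICES")
    if wallet_dir(lsn) and wallet_dir(net) and wallet_dir(lsn) != wallet_dir(net):
        findings.append("wallet directories differ between listener.ora and sqlnet.ora")
    return findings

# Constructed sample input (not taken from a live system).
LISTENER_ORA = """SSL_CLIENT_AUTHENTICATION = TRUE
LISTENER = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 1523)))
WALLET_LOCATION = (SOURCE = (METHOD = FILE)
  (METHOD_DATA = (DIRECTORY = /u01/app/oracle/admin/TDB01/wallet))
"""
SQLNET_ORA = """SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS)
SSL_CLIENT_AUTHENTICATION = TRUE
WALLET_LOCATION = (SOURCE = (METHOD = FILE)
  (METHOD_DATA = (DIRECTORY = /home/oracle/Wallets/server_wallet)))
"""
print("\n".join(check_server(LISTENER_ORA, SQLNET_ORA)))
```

A differing wallet directory is worth reviewing because on this page client.crt is imported as a trusted certificate only into /u01/app/oracle/admin/TDB01/wallet.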
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/network-encryption-in-modern-relational-database-management-systems/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/how-to-setting-up-encrypted-communications-channels-in-oracle-database/