SSL Connection Over JDBC for Oracle

Create Certificate

The steps demonstrated here are performed on a Linux machine. The same steps apply to a Windows machine.

  1. Navigate to the home directory and create a directory. For this demonstration, we will create a directory named Wallets.

    cd /home/oracle/
    mkdir Wallets
    
  2. Create a certificate and self-sign it.

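    mkdir -p Wallets/Server
    cd Wallets/Server
    # Create an auto-login wallet. Later orapki commands must use this same wallet password.
    orapki wallet create -wallet ./server_wallet -auto_login -pwd changeit
    # Add a self-signed certificate. A 1024-bit RSA key is weak by current standards;
    # use -keysize 2048 or larger where the environment allows it.
    orapki wallet add -wallet ./server_wallet -dn "CN=server" -keysize 1024 -self_signed -validity 365 -pwd changeit
    orapki wallet display -wallet ./server_wallet
    # Export the certificate so that it can be uploaded to the keystore later.
    orapki wallet export -wallet ./server_wallet -dn "CN=server" -cert ./server_wallet/cert.txt
    orapki wallet display -wallet ./server_wallet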
    
  3. Configure the database to use TCP with the server key.

    1. Configure the listener.ora file.

      a. Launch the Net Manager tool by running the netmgr command.

      b. Expand Local > Listeners and click the Listener directory.

      c. Click Add Address and select TCP/IP with SSL as the protocol. Enter the hostname (IP address) of the machine and the port (the default port is 2484).

      d. Click File > Save Network Configuration.

    2. Configure the sqlnet.ora file.

      a. Click Profile. From the drop-down list select Network Security.

      b. Select SSL and select server from the options.

      c. In the Wallet directory field, browse to the wallet path.

      Set Revocation Check to None and the required SSL version to Any, and leave the Require Client Authentication check box cleared.

      d. Click File > Save Network Configuration.

    3. Configure the tnsnames.ora file.

      a. Click Service Naming.

      b. Click on Edit and then click Create to generate a new service.

      c. Specify NET Service Name as orcl/pdb1

      d. Select TCP/IP with SSL as the protocol. Specify Service Name as orclssl.

      e. In the hostname field, specify IP address of the machine.

      f. Enter Port Number as 2484.

      g. Click File > Save Network Configuration.

      h. Click File > Exit.

    4. Restart the listener.

      lsnrctl stop
      lsnrctl start
      
    5. Add certificate to the keystore.

      1. Log in to the keystore as a root user. You can log in through PuTTY.

        a. Press c to enter config mode.

        b. Run the following command.

            pdb upload ssl certificate
        

        When prompted, upload the cert.txt file.

      2. Open the keystore and add connection using the following details:

        a. Protocol: SSL

        b. Port: 2484

        c. SID/Service Name: orcl/orclssl

Upload Certificate

The CA certificate can be uploaded using either the REST interface or the CipherTrust Manager GUI.

CipherTrust Manager's UI

  1. Log on to the CipherTrust Manager GUI.

  2. Click Database Protection to open the application. The Databases screen displays the list of existing database connections, if any.

  3. In the left pane, click Database Certificates and enter the following details.

    Field       | Description
    Name        | Unique name for certificate.
    Certificate | Content of the cert.txt file in .PEM format.

  4. Click Upload.

The SSL setup is complete. You can now create database connection over SSL.

CipherTrust Manager's REST interface

  1. Open the CipherTrust Manager URL in a browser. The login page is displayed.

  2. On the login page, click the API & CLI Documentation link. The API playground is displayed on the right.

  3. Click Authenticate.

  4. Enter username, password, domain, and click POST. The default domain is root.

  5. In the left pane, click CDP > Database.

  6. Click Upload - post. The Upload - post section is displayed on the right.

  7. In the body field, paste the CA certificate in the .pem format as shown below.

    {
        "name":"myCertCh",
        "cert":"-----BEGIN CERTIFICATE-----\nMIIBkDCB+gIBADANBgkqhkiG9w0BAQQFADARMQ8wDQYDVQQDEwZzZXJ2ZXIwHhcNMTkwNzMwMDQy\nODUyWhcNMjAwNzI5MDQyODUyWjARMQ8wDQYDVQQDEwZzZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQAD\ngY0AMIGJAoGBAMPJ9L0IanR5XxajKiLjEns2geFzYjCdOpIcqiHTH78D7N1nIm/XMWTbo7Bebi0V\nrirWM1LUakhHxUSV9L+nb1IMaAuk01/pmJaSbU8EPzcmujWoA66gKg2K0phExoT1RQ+QE+6pLBPl\nftSB8VLNiPcXx4GMQcUq9Kiw4CMmozvBAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAjxmFBnkkxp1K\n2gkDsfvz5Uq7bGvXwdO8M/j5Ryz812f4pzyCXbb8p4rkf9l27WJAJ6Ero9U07K7Rd8NqBJmReobq\nDcPQnp2y4dzsPI7/oMHfk69DkGIa4PHhEYcXWz37L33CBrxnASpqM6yc/thjARt73Ejs80foBkAf\nOG6//Cs=\n-----END CERTIFICATE-----"
    }
    
  8. Click POST.
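
The following is an added example, not part of the original page or of any Thales code. It turns the exported cert.txt content into the JSON body used in step 7 (PEM line breaks escaped as \n) and reports whether the certificate is signed with an MD5- or SHA-1-based algorithm. The function names and the certificate name myCert are assumptions, it uses only the Python standard library, and it does not call the CipherTrust Manager API.

```python
import json
import ssl

# Signature algorithms too weak for a certificate that anchors a TLS connection.
WEAK_SIG_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def signature_oid(pem_text):
    """Return the dotted OID of the certificate's outer signatureAlgorithm."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())  # ValueError if not PEM
    _, cert_start, _ = read_tlv(der, 0)          # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, cert_start)    # step over tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)     # signatureAlgorithm SEQUENCE
    tag, start, end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    arcs, value = [der[start] // 40, der[start] % 40], 0
    for byte in der[start + 1:end]:  # base-128 arcs, high bit means "continue"
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def build_upload_body(name, pem_text):
    """Return (json_body, weak_algorithm); weak_algorithm is None if acceptable."""
    weak = WEAK_SIG_OIDS.get(signature_oid(pem_text))
    pem = "\n".join(line.strip() for line in pem_text.strip().splitlines())
    return json.dumps({"name": name, "cert": pem}), weak

if __name__ == "__main__":
    # Constructed DER skeleton (not a real certificate) that names MD5 with RSA.
    der = bytes.fromhex("30183003020100300d06092a864886f70d010104050003020000")
    body, weak = build_upload_body("myCert", ssl.DER_cert_to_PEM_cert(der))
    print(body)
    print("weak signature algorithm:", weak)
```

To use it with the wallet export, pass the text of cert.txt as pem_text and paste the returned body into the Upload - post body field.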

Select SSL

On the Oracle Database Configuration page, select the Protocol as SSL.