Issue configuring Oracle database for SSL
Posted
by Santhosha Kaldambe
on Server Fault
See other posts from Server Fault
or by Santhosha Kaldambe
Published on 2010-03-29T06:17:22Z
Indexed on
2010/03/29
6:23 UTC
Read the original article
Hit count: 668
Hello,
I want to setup Oracle for SSL communication. I am not using SSL authentication for database user. As first requirement, generated self signed certificate using OpenSSL and added certificate to wallet. The wallet location is specified in server configuration. Created listener and it is starting however it does not provide any service. The default listener (non SSL) is working fine.
When I execute LSNRCTL.EXE status SSLLISTENER it gives below output.
STATUS of the LISTENER
Alias SSLLISTENER
Version TNSLSNR for 32-bit Windows: Version 11.1.0.6.0 -
Production Start Date 14-NOV-2009 01:47:08
Uptime 16 days 22 hr. 14 min. 3 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File
C:\app\Administrator\product\11.1.0\db_1\network\admin\listener.ora
Listener Log File
c:\app\administrator\diag\tnslsnr\\ssllistener\alert\log.xml
Listening Endpoints Summary... (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=)(PORT =2484)))
The listener supports no services
The command completed successfully
Here is exact content of various files after configuration. 1) File Name: tnsnames.ora ORCL = (DESCRIPTION = (ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT
1521)) ) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl) ) )
2) File Name: sqlnet.ora
SSL_VERSION = 0 NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT) sqlnet.authentication_services= (NONE) tcp.validnode_checking = no tcp.invited_nodes=(PS0803.oraebs.com,PS2948,PS5098) SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = C:\app\Administrator\admin\orcl\Server_Wallet) ) )
3) File Name: listener.ora
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = C:\app\Administrator\admin\orcl\Server_Wallet) ) )
LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)) ) (DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT
1521)) ) )
SSLLISTENER = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = )(PORT = 2484)) )
Thanks
Santhosh
© Server Fault or respective owner