Contents x
    How to configure the Oracle server to use wallet authentication
    • 2 minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    How to configure the Oracle server to use wallet authentication

    • 2 minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    In this document, you’ll find a step-by-step guide on how to configure the Oracle server to accept connections via SSL.

    It’ll take seven steps to configure the Oracle database so that it’s accessible via Database proxy in senhasegura, this document is the fourth step.

    fluxoDB_4_EN.png

    Attention

    It’s extremely important to correctly follow the order of documents for configuring the Oracle database so that it functions correctly as a Database Proxy.

    Requirements

    • Oracle DB Server configured the minimum version is 19.0.0.0.0
    • Server with ORAPKI installed to create Wallets.
    • Connectivity of the user's workstation with senhasegura on ports 1521 and 2484.
    • Certificate authority (CA) for signing Oracle DB certificates and the database credential.
    • Database client installed.
      • Dbeaver, minimum version: 23.1.0
      • SQLPlus, minimum version: 21.0.0.0.0
      • SQL Developer, minimum version: 23.1.0.097
    • Don’t have filters enabled for the certificate.

    Configure the Oracle server

    For Oracle DB to accept authentication via SSL using Oracle Wallet, some configurations are required on the server side.

    Listener Parameter file

    Identify the path to the files sqlnet.ora and listener.ora. Upon return from execution, the Listener Parameter File field will present the current path of the listener.ora file, and the sqlnet.ora file will be in the same directory.

    oracle$ lsnrctl status

    sqlnet.ora

    Edit the file to accept connections via SSL using Oracle Wallet.

    oracle$ vim /u01/app/oracle/product/19c/dbhome_1/network/admin/sqlnet.ora

WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = <ORACLE_WALLET_DIR>)))
SQLNET.AUTHENTICATION_SERVICES = (TCPS)
SSL_CLIENT_AUTHENTICATION = TRUE

    listener.ora

    Edit the file to add the following content:

    oracle$ vim /u01/app/oracle/product/19c/dbhome_1/network/admin/listener.ora

SSL_CLIENT_AUTHENTICATION = TRUE
WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = <ORACLE_WALLET_DIR>)))
LISTENER = 
	(DESCRIPTION_LIST = 
		(DESCRIPTION = 
			(ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
			(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
			(ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 2484))
		)
)

    lsnrctl

    For the settings to take effect, you must restart the service.

    oracle$ lsnrctl stop
oracle$ lsnrctl start

    After this step, Oracle DB Server will accept SSL connections through port 2484.
    When a SSL authentication is enabled, you won’t be able to log in with sysdba via sqlplus using the password. Be sure to warn the customer about this behavior. Other users with administrator privileges can log in with a password.

    Finishing the fourth step of configuring Oracle to be used via Database Proxy, access the document How to configure a device in senhasegura to use the Database Proxy with Oracle to perform the fifth part and continue the configuration.

    Do you still have questions? Reach out to the senhasegura Community.

    Was this article helpful?
    What's Next
    Digital sovereignty is a fundamental right for citizens, institutions, and society. That’s why we work every day.
    Connect With Us
    SENHASEGURA
    LEARN
    EXPLORE
    Copyright © senhasegura. All Rights Reserved