How to configure the Oracle server to use wallet authentication
  • 2 minutes to read
  • Dark
    Light
  • PDF

How to configure the Oracle server to use wallet authentication

  • Dark
    Light
  • PDF

Article summary

In this document, you’ll find a step-by-step guide on how to configure the Oracle server to accept connections via SSL.

It’ll take seven steps to configure the Oracle database so that it’s accessible via Database proxy in senhasegura, this document is the fourth step.

fluxoDB_4_EN.png

Attention

It’s extremely important to correctly follow the order of documents for configuring the Oracle database so that it functions correctly as a Database Proxy.

Requirements

  • Oracle DB Server configured the minimum version is 19.0.0.0.0
  • Server with ORAPKI installed to create Wallets.
  • Connectivity of the user's workstation with senhasegura on ports 1521 and 2484.
  • Certificate authority (CA) for signing Oracle DB certificates and the database credential.
  • Database client installed.
    • Dbeaver, minimum version: 23.1.0
    • SQLPlus, minimum version: 21.0.0.0.0
    • SQL Developer, minimum version: 23.1.0.097
  • Don’t have filters enabled for the certificate.

Configure the Oracle server

For Oracle DB to accept authentication via SSL using Oracle Wallet, some configurations are required on the server side.

Listener Parameter file

Identify the path to the files sqlnet.ora and listener.ora. Upon return from execution, the Listener Parameter File field will present the current path of the listener.ora file, and the sqlnet.ora file will be in the same directory.

oracle$ lsnrctl status

sqlnet.ora

Edit the file to accept connections via SSL using Oracle Wallet.

oracle$ vim /u01/app/oracle/product/19c/dbhome_1/network/admin/sqlnet.ora

WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = <ORACLE_WALLET_DIR>)))
SQLNET.AUTHENTICATION_SERVICES = (TCPS)
SSL_CLIENT_AUTHENTICATION = TRUE

listener.ora

Edit the file to add the following content:

oracle$ vim /u01/app/oracle/product/19c/dbhome_1/network/admin/listener.ora

SSL_CLIENT_AUTHENTICATION = TRUE
WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = <ORACLE_WALLET_DIR>)))
LISTENER = 
	(DESCRIPTION_LIST = 
		(DESCRIPTION = 
			(ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
			(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
			(ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 2484))
		)
)

lsnrctl

For the settings to take effect, you must restart the service.

oracle$ lsnrctl stop
oracle$ lsnrctl start

After this step, Oracle DB Server will accept SSL connections through port 2484.
When a SSL authentication is enabled, you won’t be able to log in with sysdba via sqlplus using the password. Be sure to warn the customer about this behavior. Other users with administrator privileges can log in with a password.

Finishing the fourth step of configuring Oracle to be used via Database Proxy, access the document How to configure a device in senhasegura to use the Database Proxy with Oracle to perform the fifth part and continue the configuration.


Do you still have questions? Reach out to the senhasegura Community.


Was this article helpful?