Contents x
    How to configure the wallet for Oracle in a cluster with grid infrastructure
    • 1 minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    How to configure the wallet for Oracle in a cluster with grid infrastructure

    • 1 minute to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    In this document, you’ll find a step-by-step guide on how to configure the Oracle server so that it can be used in a cluster with grid infrastructure.

    It’ll take five steps to configure the Oracle database so that it be accessible via Database proxy in senhasegura, this document is the first step.

    cluster_1_EN

    Attention

    It’s extremely important to correctly follow the order of documents for configuring the Oracle database so that it functions correctly as a Database Proxy.

    Requirements

    • Oracle DB Server configured with minimum version 19.0.0.0.0
    • Server with ORAPKI installed to create Wallets.
    • Connectivity of the user's workstation with senhasegura on ports 1521 and 2484.
    • Database client installed.
      • Dbeaver, minimum version: 23.1.0
      • SQLPlus, minimum version: 21.0.0.0.0
      • SQL Developer, minimum version: 23.1.0.097
    • Don’t have filters enabled for the certificate.

    Configure the wallet for Clustered Oracle

    Oracle GRID has problems with certificates generated via openssl that need to be signed by a CA due to the parameter set_serial, which is mandatory but creates an inconsistency in the identification of the CN.

    Therefore, when this scenario occurs, it’s recommended that self-signed certificates be created for the database credential.

    To configure the server wallet and enable TCPS, perform the steps below with a grid user:

    Create a Server Wallet

    It’ll only be necessary to perform this step if there is no wallet.

    orapki wallet create -wallet <ORACLE_WALLET_DIR> -pwd <ORACLE_WALLET_PASS> -auto_login

    Add a self-signed certificate to the wallet

    orapki wallet add -wallet <ORACLE_WALLET_DIR> -pwd <ORACLE_WALLET_PASS> -dn "CN=<ORACLE_SERVER>" -keysize 2048 -self_signed -validity 3650

    Check wallet certificates

    orapki wallet display -wallet <ORACLE_WALLET_DIR>

    Create self-signed certificate from DB credential

    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout <CREDENTIAL>.key -out <CREDENTIAL>.crt -subj "/CN=<CREDENTIAL>"

    Convert the certificate to .p12

    openssl pkcs12 -export -out <CREDENTIAL>.p12 -inkey <CREDENTIAL>.key -in <CREDENTIAL>.crt -passout pass:<CREDENTIAL_CERT_PASS>

    Import the .p12 to the wallet

    orapki wallet import_pkcs12 -pkcs12file <CREDENTIAL>.p12 -pkcs12pwd <CREDENTIAL_CERT_PASS> -wallet <ORACLE_WALLET_DIR> -pwd <ORACLE_WALLET_PASS>

    Check wallet certificates

    orapki wallet display -wallet <ORACLE_WALLET_DIR>

    Edit the files to point to the wallet and enable TCPS

    vim /u01/app/oracle/product/19.0.0/dbhome_1/network/admin/sqlnet.ora
vim /u01/app/oracle/product/19.0.0/dbhome_1/network/admin/listener.ora

    Restart listeners and the Scan service

    srvctl stop listener -l listener
srvctl stop scan_listener
srvctl stop scan

srvctl start scan
srvctl start scan_listener
srvctl start listener -l listener

lsnrctl status

    After finishing the first step, access the How to create a senhasegura user wallet document to perform the second part and continue the configuration.

    Do you still have questions? Reach out to the senhasegura Community.

    Was this article helpful?
    What's Next
    Digital sovereignty is a fundamental right for citizens, institutions, and society. That’s why we work every day.
    Connect With Us
    SENHASEGURA
    LEARN
    EXPLORE
    Copyright © senhasegura. All Rights Reserved