How to configure the wallet for Oracle in a cluster with grid infrastructure

  • 1 minute(s) read
Prev Next

This document provides information about the step-by-step guide on how to configure the Oracle server to be used in a cluster with grid infrastructure.

It’ll take four steps to configure the Oracle database to be accessible via Database Proxy in Segura, this document is the first step.

EN_cluster_step1.png

Attention

It’s extremely important to correctly follow the order of documents for configuring the Oracle database to function correctly as a Database Proxy.

Requirements

  • Oracle DB Server configured with minimum version 19.0.0.0.0
  • Server with ORAPKI installed to create Wallets.
  • Connectivity of the user's workstation with Segura on ports 1521 and 2484.
  • Database client installed.
    • Dbeaver, minimum version: 23.1.0
    • SQLPlus, minimum version: 21.0.0.0.0
    • SQL Developer, minimum version: 23.1.0.097
  • Don’t have filters enabled for the certificate.

Configure the wallet for Clustered Oracle

Oracle GRID has problems with certificates generated via openssl that need to be signed by a CA due to the parameter set_serial, which is mandatory but creates an inconsistency in the identification of the CN.

Therefore, when this scenario occurs, it’s recommended that self-signed certificates be created for the database credential.

To configure the server wallet and enable TCPS, perform the steps below with a grid user:

Create a Server Wallet

It’ll only be necessary to perform this step if there is no wallet.

orapki wallet create -wallet <ORACLE_WALLET_DIR> -pwd <ORACLE_WALLET_PASS> -auto_login

Add a self-signed certificate to the wallet

orapki wallet add -wallet <ORACLE_WALLET_DIR> -pwd <ORACLE_WALLET_PASS> -dn "CN=<ORACLE_SERVER>" -keysize 2048 -self_signed -validity 3650

Check wallet certificates

orapki wallet display -wallet <ORACLE_WALLET_DIR>

Create self-signed certificate from DB credential

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout <CREDENTIAL>.key -out <CREDENTIAL>.crt -subj "/CN=<CREDENTIAL>"

Convert the certificate to .p12

openssl pkcs12 -export -out <CREDENTIAL>.p12 -inkey <CREDENTIAL>.key -in <CREDENTIAL>.crt -passout pass:<CREDENTIAL_CERT_PASS>

Import the .p12 to the wallet

orapki wallet import_pkcs12 -pkcs12file <CREDENTIAL>.p12 -pkcs12pwd <CREDENTIAL_CERT_PASS> -wallet <ORACLE_WALLET_DIR> -pwd <ORACLE_WALLET_PASS>

Check wallet certificates

orapki wallet display -wallet <ORACLE_WALLET_DIR>

Edit the files to point to the wallet and enable TCPS

vim /u01/app/oracle/product/19.0.0/dbhome_1/network/admin/sqlnet.ora
vim /u01/app/oracle/product/19.0.0/dbhome_1/network/admin/listener.ora

Restart listeners and the Scan service

srvctl stop listener -l listener
srvctl stop scan_listener
srvctl stop scan

srvctl start scan
srvctl start scan_listener
srvctl start listener -l listener

lsnrctl status

After finishing the first step, access the How to configure a device in Segura to use the Database Proxy with Oracle document to perform the second step and continue the configuration.

Do you still have questions? Reach out to the Segura Community{target=_blank}.