A wallet is required to set up an SSL connection.

Note: The TCPS protocol is not enabled in Standard Edition by default. For Standard Edition, follow the steps in “How To Enable TCPS Support For Oracle Standard Edition (Doc ID 1457854.1)” before setting up TCPS for XDB.

You can create a self-signed certificate to test and configure this yourself.

  • Ensure the files ewallet.p12 and cwallet.sso exist in the wallet directory.
    (cwallet.sso is created when autologin is enabled)
  • Ensure that the user ID the listener runs as has full control over the ewallet.p12 and cwallet.sso files. On Unix, use chown to ensure this. On Windows, if the listener service runs as SYSTEM, modify the security settings on the files to give SYSTEM full control over them (SYSTEM is the Windows account that stands for the local operating system). On Windows, if the listener runs as another account, give that account full control over the files.
  • Ensure these control parameters exist in the sqlnet configuration files (sqlnet.ora and listener.ora). When setting these control parameters, it is advised to make the edits using Oracle Net Manager:

    WALLET_LOCATION =
    (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
    (DIRECTORY = /ots0/app/oracle/product/11.1.0/network/admin))
    )

    SSL_CLIENT_AUTHENTICATION=FALSE

  • Verify that a secure sqlplus connection succeeds.
    In the listener.ora, open a secure port, e.g. add the address:

    (ADDRESS = (PROTOCOL = TCPS)(HOST = nlsu22)(PORT = 1966))

    In the tnsnames.ora add:

    v111_s =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS) (Host = nlsu22) (Port = 1966) )
    (CONNECT_DATA = (SID = v111) )
    )

    Connect via this secure port:

    sqlplus scott/tiger@v111_s

    Verify you are using the secure protocol by means of:

    select sys_context('userenv','network_protocol') from dual;

    This should return: tcps

    If this all works as expected continue with the configuration.

    Remark: secure port 1966 was added only to test the secure connection using the wallet and can now be removed from the configuration files again. Also, for the SQL test to work, Oracle Advanced Security must be installed in the Oracle Home.

  • Set the dispatcher for TCPS.
    Add the following entry in the database configuration file (init<SID>.ora), e.g.:

    dispatchers='(PROTOCOL=TCP)(SERVICE=v111XDB)','(PROTOCOL=TCPS)(SERVICE=v111XDB)'

    and restart the database instance. Alternatively make the change by means of the alter system command:

    alter system set dispatchers = '(INDEX=0)(PROTOCOL=TCPS)(SERVICE=v111XDB)', '(INDEX=1)(PROTOCOL=TCP)(SERVICE=v111XDB)' scope=both;

    You can set the dispatcher for TCPS only as well if desired.

  • Set http2-port and http2-protocol in the XDB configuration. See Note 942945.1.

    Let’s assume http2-port has been set to port# 1443.

  • Check listener status to verify the ports are defined as endpoints.
    This should look like:

    LSNRCTL for Solaris: Version 11.1.0.7.0 - Production on 09-SEP-2009 16:24:46

    STATUS of the LISTENER
    ------------------------

    Listening Endpoints Summary...
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=nlsu22.nl.oracle.com)(PORT=1521)))
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=nlsu22.nl.oracle.com)(PORT=8080))(Presentation=HTTP)(Session=RAW))
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=nlsu22.nl.oracle.com)(PORT=2100))(Presentation=FTP)(Session=RAW))
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=nlsu22.nl.oracle.com)(PORT=1443))(Presentation=HTTP)(Session=RAW))
    Services Summary...
  • Finally, test the secure connection in a browser:

    https://nlsu22.nl.oracle.com:1443
  • The secure connection can now also be used for applications like APEX and XML DB Web Services.
    e.g.
    /* First set up native XML DB Web Services. See Note 444191.1 */

    https://nlsu22.nl.oracle.com:1443/orawsv/SYS/DBMS_METADATA?wsdl
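
A check for the listener-status step above, as an added example that is not part of the original note: it parses the endpoint lines of `lsnrctl status` output, confirms the TCPS HTTP endpoint is registered on the expected port, and lists XDB HTTP/FTP endpoints still served over plain TCP. The function names are hypothetical, and the sample text is the listing from this note, not live output.

```python
import re

# Sample text copied from the listener status listing in this note (not live output).
SAMPLE_STATUS = """\
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=nlsu22.nl.oracle.com)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=nlsu22.nl.oracle.com)(PORT=8080))(Presentation=HTTP)(Session=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=nlsu22.nl.oracle.com)(PORT=2100))(Presentation=FTP)(Session=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=nlsu22.nl.oracle.com)(PORT=1443))(Presentation=HTTP)(Session=RAW))
Services Summary...
"""

ADDRESS_RE = re.compile(
    r"\(PROTOCOL\s*=\s*(?P<protocol>\w+)\)\s*"
    r"\(HOST\s*=\s*(?P<host>[^)]+)\)\s*"
    r"\(PORT\s*=\s*(?P<port>\d+)\)", re.IGNORECASE)
PRESENTATION_RE = re.compile(r"\(Presentation\s*=\s*(?P<p>\w+)\)", re.IGNORECASE)


def parse_endpoints(status_text):
    """Return one dict per (DESCRIPTION=...) endpoint line that has HOST and PORT."""
    endpoints = []
    for line in status_text.splitlines():
        addr = ADDRESS_RE.search(line)
        if not line.strip().startswith("(DESCRIPTION") or not addr:
            continue
        pres = PRESENTATION_RE.search(line)
        endpoints.append({
            "protocol": addr["protocol"].lower(),
            "host": addr["host"].strip(),
            "port": int(addr["port"]),
            # No Presentation attribute: an ordinary Oracle Net endpoint.
            "presentation": pres["p"].upper() if pres else None,
        })
    return endpoints


def audit_xdb_endpoints(status_text, https_port):
    """Confirm the TCPS HTTP endpoint exists; list XDB endpoints still on plain TCP."""
    eps = parse_endpoints(status_text)
    secure_ok = any(e["protocol"] == "tcps" and e["presentation"] == "HTTP"
                    and e["port"] == https_port for e in eps)
    cleartext = [(e["presentation"], e["port"]) for e in eps
                 if e["protocol"] == "tcp" and e["presentation"] in ("HTTP", "FTP")]
    return {"https_endpoint_present": secure_ok, "cleartext_xdb": cleartext}


if __name__ == "__main__":
    print(audit_xdb_endpoints(SAMPLE_STATUS, https_port=1443))
```

On the sample listing, the HTTP endpoint on 8080 and the FTP endpoint on 2100 are reported as still cleartext, which is the case the "dispatcher for TCPS only" option above addresses.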

For reference, see: XML DB Developer’s Guide

REFERENCES

NOTE:444191.1 – How to Setup Native Oracle XML DB Web Services
NOTE:942945.1 – How To Enable The Secure HTTP Port (HTTPS) in XML DB