Oracle SSL configuration
To set up SSL configuration for Oracle connections, you need to create a wallet, configure Oracle network files, and adjust connection settings.
Prerequisites:
- Oracle Client installed
- Oracle Database Server that supports SSL
- Access rights to create directories and files
- A valid SSL certificate from a trusted CA
- Oracle Wallet Manager for wallet management
Create Oracle wallet
- Create a wallet folder
  Create a directory to store your wallet:
- Generate a wallet
  Use the orapki utility to create a wallet:
- Add certificates to the wallet
Choose one of the following:
- Create and add a self-signed certificate:
$ORACLE_HOME/bin/orapki wallet add -wallet /opt/oracle/wallet -pwd YourWalletPassword -dn "CN=example.com" -keysize 2048 -self_signed -validity 365
- Add a CA-signed certificate:
$ORACLE_HOME/bin/orapki wallet add -wallet /opt/oracle/wallet -pwd YourWalletPassword -trusted_cert -cert path_to_root_ca_cert
Tip
Replace YourWalletPassword, CN=example.com, and path_to_root_ca_cert with your actual values.
- Generate JKS files
Convert the wallet to Java Keystore format:
Configure Oracle for SSL
- Edit listener.ora
  Example:
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/oracle/wallet)
    )
  )
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
    )
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 2484))
    )
  )
DEDICATED_THROUGH_BROKER_LISTENER = ON
DIAG_ADR_ENABLED = off
- Edit sqlnet.ora
  Example:
- Edit tnsnames.ora
  Example:
SSL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 2484))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = XE)
    )
  )
XE =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = XE)
    )
  )
Tip
Replace 0.0.0.0, 2484, and XE with your server's IP, SSL port, and service name.
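The listener.ora example above keeps the TCP endpoint on port 1521 next to the new TCPS endpoint on 2484 and sets SSL_CLIENT_AUTHENTICATION = FALSE, so it is worth listing what a listener file actually exposes before restarting. The following Python check is an added example, not part of the original page or of any Oracle tooling; the function names and the embedded sample (this page's listener.ora, reflowed) are assumptions made for illustration.

```python
import re

# Constructed input: this page's listener.ora example, reflowed onto several lines.
LISTENER_ORA = """
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION = (SOURCE = (METHOD = FILE)
  (METHOD_DATA = (DIRECTORY = /opt/oracle/wallet)))
LISTENER = (DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521)))
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 2484))))
"""

ADDRESS_RE = re.compile(r"\(\s*ADDRESS\s*=\s*((?:\([^()]*\)\s*)+)\)", re.I)
PAIR_RE = re.compile(r"\(\s*(\w+)\s*=\s*([^()]*?)\s*\)")
PARAM_RE = r"^\s*{}\s*=\s*(\S+)"

def strip_comments(text):
    """Drop '#' comment lines, which Oracle Net files allow."""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))

def endpoints(text):
    """Return one dict per ADDRESS entry, e.g. {'PROTOCOL': 'TCPS', 'HOST': ..., 'PORT': ...}."""
    return [{k.upper(): v for k, v in PAIR_RE.findall(m.group(1))}
            for m in ADDRESS_RE.finditer(strip_comments(text))]

def param(text, name):
    """Return the value of a top-level 'NAME = value' parameter, or None."""
    m = re.search(PARAM_RE.format(name), strip_comments(text), re.I | re.M)
    return m.group(1) if m else None

def audit(text):
    """List findings relevant to a TLS rollout for one listener.ora."""
    findings = []
    eps = endpoints(text)
    if not any(e.get("PROTOCOL", "").upper() == "TCPS" for e in eps):
        findings.append("no TCPS endpoint defined")
    for e in eps:
        if e.get("PROTOCOL", "").upper() == "TCP":
            findings.append(f"non-TLS TCP endpoint on {e.get('HOST')}:{e.get('PORT')}")
    if param(text, "WALLET_LOCATION") is None:
        findings.append("WALLET_LOCATION not set")
    if (param(text, "SSL_CLIENT_AUTHENTICATION") or "").upper() == "FALSE":
        findings.append("one-way TLS: client certificates not required")
    return findings

if __name__ == "__main__":
    for finding in audit(LISTENER_ORA):
        print(finding)
```

Run against the page's example, it reports the TCP endpoint on 0.0.0.0:1521 and the one-way TLS setting; whether either is acceptable depends on whether clients still need the non-TLS port and on whether client certificates are part of your design.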
Restart services
- Restart the listener
- Restart the database
Tip
If running in Docker, use:
Connect to Oracle over SSL
- Open Team Edition and create a new connection
  If unsure how, see creating a connection.
- Specify the custom JDBC URL
  Example:
- Set driver properties
  javax.net.ssl.trustStorePassword: Password for the truststore
  javax.net.ssl.trustStoreType: JKS
  oracle.net.wallet.location: Path to your wallet
- Test the connection
  Verify that you can connect over SSL.
Learn more
For general SSL configuration, see SSL overview.