Configuring Oracle Database

To configure the Oracle Database, follow the steps below:

Create a new auto-login wallet on the database server.

Note:
These steps are required only if an Oracle Wallet has not been created previously. The following steps are not necessary if the GUI Oracle Wallet tool is used on the database server.
```
C:\> cd %ORACLE_HOME%
C:\oracledb\12.1.0\home> mkdir wallet
C:\oracledb\12.1.0\home> orapki wallet create -wallet wallet -pwd password1 -auto_login
```
You may ignore any messages that prompt you to use -auto_login_local on the orapki command line. If you run into SSL authentication failure error, see Doc ID 2238096.1 to troubleshoot the issue.
Also, check the security permission of the file cwallet.sso (under the wallet directory) and ensure the Oracle listener service user has read permission to this file. Without read permission, the SSL handshake will fail later on. This situation will occur if the Oracle database was installed with the suggested Oracle user who is not allowed to log on. If the Oracle database was installed with the Oracle user, then the TNS Listener must be run as a differnt user.
Create a self-signed certificate and load it into the wallet
```
C:\oracledb\12.1.0\home> orapki wallet add -wallet wallet -pwd password1 -dn "CN={FQDN of db server}" -
keysize 1024 -self_signed -validity 3650
```
The password password1 in the example above must match the password specified in Step 1.

Export the newly created self-signed certificate

C:\oracledb\12.1.0\home> orapki wallet export -wallet wallet -pwd password1 -dn "CN={FQDN of db server}"
-cert %COMPUTERNAME%-certificate.crt

Copy the exported Base64 certificate file to the HFM server(s).

Configure the SQL*NET and the TNS Listeners:

Identify an unused port on the database server. The example below creates the new listener on port 1522. The typical port used for SSL connections is 2484 and you may use any available port. You must check that the port you want to use is available on the database server before proceeding and adjust as necessary.

Update SQLNET.ORA. The DIRECTORY element of the WALLET_LOCATION declaration must point to the wallet created in Step 1 above.

SQLNET.AUTHENTICATION_SERVICES= (TCPS, NTS, BEQ)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
WALLET_LOCATION=
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\oracledb\12.1.0\home\wallet)
)
)
SSL_CLIENT_AUTHENTICATION = FALSE

Update LISTENER.ORA to define a new listener. Use the port that was identified in Step 5a above.

SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = CLRExtProc)
(ORACLE_HOME = C:\oracledb\12.1.0\home)
(PROGRAM = extproc)
(ENVS = "EXTPROC_DLLS=ONLY:C:\oracledb\12.1.0\home\bin\oraclr12.dll")
)
)
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION=
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\oracledb\12.1.0\home\wallet)
)
)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = myServer)(PORT = 1521))
)
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = myServer)(PORT = 1522))
)
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
)
)
ADR_BASE_LISTENER = C:\oracledb

Create a new entry in TNSNAMES.ORA for the new port.
```
ORCL_SSL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = myServer)(PORT = 1522))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = myServer_service)
)
)
```
You must specify the same port that was identified in Step 5a above and used in Step 5c.

Restart the TNS Listener.

C:\oracledb\12.1.0\home>lsnrctl stop
C:\oracledb\12.1.0\home>lsnrctl start

Verify that the new TNS listener is working

C:\oracledb\12.1.0\home>tnsping orcl_ssl
TNS Ping Utility for 64-bit Windows: Version 12.1.0.2.0 - Production on 10-SEP-2019 15:43:22
Copyright (c) 1997, 2014, Oracle. All rights reserved.
Used parameter files:
C:\oracledb\12.1.0\home\network\admin\sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = myServer)
(PORT = 1522)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = myServer_service)))
OK (130 msec)