Configuring Oracle Database
To configure the Oracle Database, follow the steps below:
- Create a new auto-login wallet on the database server.
Note:
These steps are required only if an Oracle Wallet has not been created previously. The following steps are not necessary if the GUI Oracle Wallet tool is used on the database server.
You may ignore any messages that prompt you to useC:\> cd %ORACLE_HOME% C:\oracledb\12.1.0\home> mkdir wallet C:\oracledb\12.1.0\home> orapki wallet create -wallet wallet -pwd password1 -auto_login
-auto_login_local
on theorapki
command line. If you run into SSL authentication failure error, see Doc ID 2238096.1 to troubleshoot the issue.Also, check the security permission of the file
cwallet.sso
(under the wallet directory) and ensure the Oracle listener service user has read permission to this file. Without read permission, the SSL handshake will fail later on. This situation will occur if the Oracle database was installed with the suggested Oracle user who is not allowed to log on. If the Oracle database was installed with the Oracle user, then the TNS Listener must be run as a differnt user. - Create a self-signed certificate and load it into the
wallet
C:\oracledb\12.1.0\home> orapki wallet add -wallet wallet -pwd password1 -dn "CN={FQDN of db server}" - keysize 1024 -self_signed -validity 3650
The password
password1
in the example above must match the password specified in Step 1. - Export the newly created self-signed
certificate
C:\oracledb\12.1.0\home> orapki wallet export -wallet wallet -pwd password1 -dn "CN={FQDN of db server}" -cert %COMPUTERNAME%-certificate.crt
- Copy the exported Base64 certificate file to the HFM server(s).
- Configure the SQL*NET and the TNS Listeners:
- Identify an unused port on the database server. The example below
creates the new listener on port
1522
. The typical port used for SSL connections is2484
and you may use any available port. You must check that the port you want to use is available on the database server before proceeding and adjust as necessary. - Update
SQLNET.ORA
. The DIRECTORY element of the WALLET_LOCATION declaration must point to the wallet created in Step 1 above.SQLNET.AUTHENTICATION_SERVICES= (TCPS, NTS, BEQ) NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT) WALLET_LOCATION= (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = C:\oracledb\12.1.0\home\wallet) ) ) SSL_CLIENT_AUTHENTICATION = FALSE
- Update LISTENER.ORA to define a new listener. Use the port that was
identified in Step 5a above.
SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = CLRExtProc) (ORACLE_HOME = C:\oracledb\12.1.0\home) (PROGRAM = extproc) (ENVS = "EXTPROC_DLLS=ONLY:C:\oracledb\12.1.0\home\bin\oraclr12.dll") ) ) SSL_CLIENT_AUTHENTICATION = FALSE WALLET_LOCATION= (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = C:\oracledb\12.1.0\home\wallet) ) ) LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = myServer)(PORT = 1521)) ) (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = myServer)(PORT = 1522)) ) (DESCRIPTION = (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)) ) ) ADR_BASE_LISTENER = C:\oracledb
- Create a new entry in
TNSNAMES.ORA
for the new port.ORCL_SSL = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = myServer)(PORT = 1522)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = myServer_service) ) )
You must specify the same port that was identified in Step 5a above and used in Step 5c.
- Restart the TNS
Listener.
C:\oracledb\12.1.0\home>lsnrctl stop C:\oracledb\12.1.0\home>lsnrctl start
- Verify that the new TNS listener is
working
C:\oracledb\12.1.0\home>tnsping orcl_ssl TNS Ping Utility for 64-bit Windows: Version 12.1.0.2.0 - Production on 10-SEP-2019 15:43:22 Copyright (c) 1997, 2014, Oracle. All rights reserved. Used parameter files: C:\oracledb\12.1.0\home\network\admin\sqlnet.ora Used TNSNAMES adapter to resolve the alias Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = myServer) (PORT = 1522)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = myServer_service))) OK (130 msec)
- Identify an unused port on the database server. The example below
creates the new listener on port