Download Client Credentials (Wallets)

Oracle client credentials (wallet files) are downloaded from Autonomous Transaction Processing by a service administrator. If you are not an Autonomous Transaction Processing administrator, your administrator should provide you with the client credentials.

To download client credentials you can use the Oracle Cloud Infrastructure console or the Autonomous Transaction Processing Service Console.

To download client credentials from the Oracle Cloud Infrastructure console:

  1. Navigate to the Autonomous Database details page.
  2. Click DB Connection.
  3. On the Database Connection page select the Wallet Type:
    • Instance Wallet: Wallet for a single database only; this provides a database-specific wallet.
    • Regional Wallet: Wallet for all Autonomous Databases for a given tenant and region (this includes all service instances that a cloud account owns).

    Note:

    Oracle recommends you provide a database-specific wallet, using Instance Wallet, to end users and for application use whenever possible. Regional wallets should only be used for administrative purposes that require potential access to all Autonomous Databases within a region.
  4. Click Download Wallet.
  5. In the Download Wallet dialog, enter a wallet password in the Password field and confirm the password in the Confirm Password field.
    The password must be at least 8 characters long and must include at least 1 letter and either 1 numeric character or 1 special character. This password protects the downloaded Client Credentials wallet.
  6. Click Download to save the client security credentials zip file.

    By default the filename is: Wallet_databasename.zip. You can save this file as any filename you want.

    You must protect this file to prevent unauthorized database access.

To download client credentials from the Autonomous Transaction Processing Service Console:

  1. From the Service Console click the Administration link.

  2. Click Download Client Credentials (Wallet).

  3. On the Download Client Credentials (Wallet) page, enter a wallet password in the Password field and confirm the password in the Confirm Password field. The password must be at least 8 characters long and must include at least 1 letter and either 1 numeric character or 1 special character. This password protects the downloaded Client Credentials wallet.

  4. Click Download to save the client security credentials zip file. By default the filename is: Wallet_databasename.zip. You can save this file as any filename you want. You must protect this file to prevent unauthorized database access.

Note:

When you use the Service Console to download a wallet there is no Wallet Type option on the Download Client Credentials (Wallet) page and you always download an instance wallet. If you need to download the regional wallet, use DB Connection on the Oracle Cloud Infrastructure console as specified above.

The zip file includes the following:

  • tnsnames.ora and sqlnet.ora: Network configuration files storing connect descriptors and SQL*Net client side configuration.

  • cwallet.sso and ewallet.p12: Auto-open SSO wallet and PKCS12 file. PKCS12 file is protected by the wallet password provided in the UI.

  • keystore.jks and truststore.jks: Java keystore and truststore files. They are protected by the wallet password provided while downloading the wallet.

  • ojdbc.properties: Contains the wallet related connection property required for JDBC connection. This should be in the same path as tnsnames.ora.

  • README: Contains wallet expiration information. The expiration date shows the date when the SSL certificate provided in the wallet expires. If your wallet is nearing expiration or is expired, then download a new wallet or obtain a new wallet from your Autonomous Database administrator. If you do not download a new wallet before the expiration date, you will no longer be able to connect to your Autonomous Transaction Processing database.

Notes:

  • To invalidate database client certification keys associated with a wallet, see Rotate Wallets for Autonomous Database.

  • Wallet files, along with the Database user ID and password provide access to data in your Autonomous Transaction Processing database. Store wallet files in a secure location. Share wallet files only with authorized users. If wallet files are transmitted in a way that might be accessed by unauthorized users (for example, over public email), transmit the wallet password separately and securely.

  • For better security, Oracle recommends using restricted permissions on wallet files. This means setting the file permissions to 600 on Linux/Unix. Similar restrictions can be achieved on Windows by letting the file owner have Read and Write permissions while all other users have no permissions.

  • Autonomous Database uses strong password complexity rules for all users based on Oracle Cloud security standards. For more information on the password complexity rules see Create Users on Autonomous Database.

  • The README file that contains wallet expiration information is not available in wallet zip files that were downloaded before April 2020.