Prepare for Oracle Call Interface, ODBC, and JDBC OCI Connections Using TLS Authentication

Preparing for any type of Oracle Call Interface (OCI) connection with TLS authentication requires the installation of client software and configuring certain files and environment variables.

Oracle Call Interface (OCI) clients support TLS authentication without a wallet if you are using the following client versions:

  • Oracle Instant Client/Oracle Database Client 19.13 - only on Linux x64

  • Oracle Instant Client/Oracle Database Client 19.14 (or later) and 21.5 (or later) - all platforms

See Update your Autonomous Database Instance to Allow both TLS and mTLS Authentication for information on allowing TLS connections.

  1. Install Oracle Instant Client.
    1. Got to the Oracle Instant Client page and click Download Now: Oracle Instant Client
    2. On the Oracle Instant Client Downloads page, select your platform.

      For example, under Instant Client for Linux, select the Instant Client for Linux x86-64 architecture (for this example, to download the Linux x86-64 version).

    3. Under Version 19.14.0.0.0 (Requires glibc 2.14), select an Instant Client package to download.
    4. If you are building a language API or driver from source code, you may also need to download the Instant Client SDK Package version 19.14: Oracle Instant Client
    5. Unzip the base package you selected. If you also download the SDK, unzip it in the same directory.
    6. On Linux, create a symbolic link if it does not exist. For example:
      cd /home/myuser/instantclient_19_14
      ln -s libclntsh.so.19.1 libclntsh.so

      If there is no other Oracle software on your system that will be impacted, add Instant Client to the runtime link path. For example:

      sudo sh -c "echo /home/myuser/instantclient_19_14 > /etc/ld.so.conf.d/oic.conf"
      sudo ldconfig
      

      Alternatively set the library path in each shell that runs your application. For example:

      export LD_LIBRARY_PATH=/home/myuser/instantclient_19_14:$LD_LIBRARY_PATH

      Note:

      The Linux Instant Client download files are available as .zip files or .rpm files. You can use either version.
  2. If you have not already done so, enable TLS connections on your Autonomous Database instance.
  3. Run Your Application
    1. Update your application to connect using your database username, your password, and the Oracle Net connect name given in the unzipped tnsnames.ora file. For example, user, adb_user, password, and db2022adb_low as the connect string.
    2. Alternatively, change the connect string in tnsnames.ora to match the string used by your application.
    3. Run your application.

Allowing TLS connections to Autonomous Database does not disallow mutual TLS (mTLS) connections. Both Mutual TLS (mTLS) and TLS connections are valid when an Autonomous Database instance is configured to allow TLS connections. See Connect Python, Node.js, and other Scripting Languages (mTLS) for information on connecting using mutual TLS (mTLS) with a wallet.

In this case, update your sqlnet.ora file by adding the following:

WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY="/home/wallet1")))