Preparing for any type of Oracle Call Interface (OCI) connection with TLS authentication requires the installation of client software and configuring certain files and environment variables.
Oracle Call Interface (OCI) clients support TLS authentication without a wallet if you are using the following client versions:
Oracle Instant Client/Oracle Database Client 19.13 - only on Linux x64
Oracle Instant Client/Oracle Database Client 19.14 (or later) and 21.5 (or later) - all platforms
See Update your Autonomous Database Instance to Allow both TLS and mTLS Authentication for information on allowing TLS connections.
- Install Oracle Instant Client.
- Got to the Oracle Instant Client page and click Download Now: Oracle Instant Client
- On the Oracle Instant Client Downloads page, select your
For example, under Instant Client for Linux, select the Instant Client for Linux x86-64 architecture (for this example, to download the Linux x86-64 version).
- Under Version 18.104.22.168.0 (Requires glibc 2.14), select an Instant Client package to download.
- If you are building a language API or driver from source code, you may also need to download the Instant Client SDK Package version 19.14: Oracle Instant Client
- Unzip the base package you selected. If you also download the SDK, unzip it in the same directory.
- On Linux, create a symbolic link if it does not exist. For
cd /home/myuser/instantclient_19_14 ln -s libclntsh.so.19.1 libclntsh.so
If there is no other Oracle software on your system that will be impacted, add Instant Client to the runtime link path. For example:
sudo sh -c "echo /home/myuser/instantclient_19_14 > /etc/ld.so.conf.d/oic.conf" sudo ldconfig
Alternatively set the library path in each shell that runs your application. For example:
Note:The Linux Instant Client download files are available as
.rpmfiles. You can use either version.
- If you have not already done so, enable TLS connections on your Autonomous Database instance.
- Run Your Application
- Update your application to connect using your database username, your
password, and the Oracle Net connect name given in the unzipped
tnsnames.orafile. For example, user,
adb_user, password, and
db2022adb_lowas the connect string.
- Alternatively, change the connect string in
tnsnames.orato match the string used by your application.
- Run your application.
- Update your application to connect using your database username, your password, and the Oracle Net connect name given in the unzipped
Allowing TLS connections to Autonomous Database does not disallow mutual TLS (mTLS) connections. Both Mutual TLS (mTLS) and TLS connections are valid when an Autonomous Database instance is configured to allow TLS connections. See Connect Python, Node.js, and other Scripting Languages (mTLS) for information on connecting using mutual TLS (mTLS) with a wallet.
In this case, update your
sqlnet.ora file by adding
WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY="/home/wallet1")))