Create a Wallet or Certificates for a TLS Connection

Prior to configuring a TLS connection to a non-Autonomous AI Database during target registration, you need to create one or more wallets or a certificate, depending on whether client authentication is enabled on your database.

Create a PEM Certificate for a TLS Connection to a Database that has Server Authentication

1. Create a PEM certificate for a TLS connection. See Transport Layer Security Connections without a Client Wallet in the Oracle Database Security Guide for more information.

2. When you register the database in Oracle Data Safe, make sure to do the following:

   • Select the connection type TLS.

   • Set the port number according to the port number you set in the listener.ora file. In this example, the port number is 1553.

   • For the server distinguished name, enter the name you used when you created the self-signed certificate in the wallet. In this example, the name is CN=rootca.

   • For the wallet or certificate type, select PEM Certificate and select the self-signed certificate that you exported from the wallet. In this example, the file is root1.crt.

Create Wallets for a TLS Connection to a Database that has Mutual Authentication

During target registration, you can configure a TLS connection between Oracle Data Safe and an Oracle database. You are required to upload two wallets: a TrustStore wallet and a KeyStore wallet.

Note: While self-signed certificates are fine for testing purposes, Oracle recommends that you use certificates signed by a trusted or internal certificate authority (CA) for production systems.

Part 1: Establish Mutually Authentication in Your Database

Configure mutual authentication on your database. See Transport Layer Security Connections with a Client Wallet in the Oracle Database Security Guide for more information.

Part 2: Save the TrustStore and KeyStore Files

Copy the TrustStore and KeyStore files to your client machine.You do this because Oracle Data Safe requires a both wallets.

Part 3: Configure the TLS Connection During Target Registration in Oracle Data Safe

When you register the database in Oracle Data Safe, make sure to do the following:

• Select the TLS connection type.

• Set the port number according to the port number you set in the listener.ora file. In this example, the port number is 1522.

• For the server distinguished name, enter the name you used when you created the self-signed certificate for the database. In this example, the name is CN=CloudST2.debdev19.oraclecloud.internal.

• Upload the TrustStore file; for example, upload truststore.jks.

• Upload the KeyStore file; for example, upload keystore.jks.