Create a Wallet or Certificates for a TLS Connection
Prior to configuring a TLS connection to a non-Autonomous Database during target registration, you need to create one or more wallets or a certificate, depending on whether client authentication is enabled on your target database.
Create a PEM Certificate for a TLS Connection to a Database that has Server Authentication
- Create a PEM Certificate for a TLS Connection. See Transport Layer Security Connections without a Client Wallet in the Oracle Database Security Guide for more information.
- When you register the target database in Oracle Data Safe, make sure to do the following:
- Select the connection type TLS.
- Set the port number according to the port number you set in
the
listener.ora
file. In this example, the port number is 1553. - For the server distinguished name, enter the name you used
when you created the self-signed certificate in the wallet. In this example,
the name is
CN=rootca
. - For the wallet or certificate type, select PEM
Certificate and select the self-signed certificate that you
exported from the wallet. In this example, the file is
root1.crt
.
Create Wallets for a TLS Connection to a Database that has Mutual Authentication
During target registration, you can configure a TLS connection between Oracle Data Safe and an Oracle database. You are required to upload two wallets: a TrustStore wallet and a KeyStore wallet.
Oracle Recommendation:
While self-signed certificates are fine for testing purposes, Oracle recommends that you use certificates signed by a trusted or internal certificate authority (CA) for production systems.Part 1: Establish Mutually Authentication in Your Database
Configure mutual authentication on your target database. See Transport Layer Security Connections with a Client Wallet in the Oracle Database Security Guide for more information.
Part 2: Save the TrustStore and KeyStore Files
In this part, you copy the TrustStore and KeyStore files to your client machine.You do this because Oracle Data Safe requires a both wallets.
- Copy the TrustStore and KeyStore files to your client machine.
Part 3: Configure the TLS Connection During Target Registration in Oracle Data Safe
When you register the target database in Oracle Data Safe, make sure to do the following:
- Select the TLS connection type.
- Set the port number according to the port number you set in the
listener.ora
file. In this example, the port number is 1522. - For the server distinguished name, enter the name you used when you created the self-signed certificate for the target database. In this example, the name is
CN=CloudST2.debdev19.oraclecloud.internal
. - Upload the TrustStore file. For example, upload
truststore.jks
. - Upload the KeyStore file. For example, upload
keystore.jks
.