16.7 Troubleshoot Mismatch with Server Cert DN Error

APPLIES TO: Data Transforms that is part of the suite of data tools built into Oracle Autonomous Database.

For a connection on an Autonomous Database that is configured to use private endpoints, you must specify the distinguished name (DN) of the database server in the JDBC URL so that the Oracle Connection Manager (CMAN) can accept the request. Otherwise when you try to create and test such a connection, you might get a "Mismatch with Server Cert DN" error.

First, specify ssl_server_dn_match=yes in the JDBC URL for the CMAN to accept the request. Next, use the ssl_server_cert_dn parameter to specify the DN of the database server. Note that the order in which the keys are placed in ssl_server_cert_dn is important. The sequence should be CN, O, L, ST, C.

For example:

jdbc:oracle:thin:@(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=xxxxx.adb.us-phoenix-1.oraclevcn.com))(connect_data=(service_name=xxxxx.adb.oraclecloud.com))(security=(ssl_server_dn_match=yes)(ssl_server_cert_dn="CN=adwc.uscom-east-1.oraclecloud.com, O=Oracle Corporation, L=Redwood City, ST=California, C=US")))

To get the values for ssl_server_cert_dn:

1. Login to the VM that is in the same subnet where your Autonomous Database lies.
2. Type the following command:

   openssl s_client -connect xxxxx.adb.us-phoenix-1.oraclevcn.com:1521 -showcerts

   You will find the values for the following under Server Certificate details:

   CN, O, L, ST, C

   For example, "CN=adwc.uscom-east-1.oraclecloud.com, O=Oracle Corporation, L=Redwood City, ST=California, C=US"