4.6.5 Configure Oracle Wallet for Secure Connection to Autonomous AI Database

Oracle Wallet is a secure software container used to store authentication credentials, such as SSL certificates and private keys, needed to connect securely to Oracle Autonomous AI Database. Proper wallet configuration enables applications, such as those using Oracle Machine Learning for Python (OML4Py), to connect to Autonomous AI Database instances with strong data encryption and authentication.

The following steps outline how to configure Oracle Wallets to securely connect to an Autonomous AI Database:

  1. Download the Oracle Wallet
    1. Log in to the Oracle Cloud Console.
    2. Navigate to Autonomous AI Database and select your target database instance.
    3. Click DB Connection.
    4. Click Download Wallet.
    5. Set a wallet password for secure storage and click Download.
    6. Save the ZIP file (Wallet_<db_name>.zip) to a secure location on your client machine.
  2. Extract and Secure the Wallet Files
    Unzip the downloaded wallet file into a secure directory (for example, mywalletdir):
    mkdir -p mywalletdir
    unzip Wallet_<db_name>.zip -d mywalletdir
    cd mywalletdir/
    ls
    README ewallet.p12 ojdbc.properties tnsnames.ora cwallet.sso 
    keystore.jks sqlnet.ora truststore.jks
  3. Update the sqlnet.ora file to specify the wallet location. If your environment uses a proxy firewall, enable the SQLNET.USE_HTTPS_PROXY parameter by setting its value to on:
    WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY="mywalletdir")))
    SSL_SERVER_DN_MATCH=yes
    SQLNET.USE_HTTPS_PROXY=on
  4. If you are working behind a firewall, add the proxy address and port number to each service level in your tnsnames.ora file. Additionally, include connection pool entries for all service levels. You will also need to create three new entries specifically for the AutoML connection pools, as illustrated below.

    Note:

    If the proxy server contains a firewall that terminates connections within a set time period, the database connection will also be terminated.

    For example, myadb_medium_pool is another alias for the connection string with SERVER=POOLED added to the corresponding one for myadb_medium.

    • For myadb_medium:
      • myadb_low = (description= (retry_count=20)(retry_delay=3)(address=(https_proxy=your proxy address here)(https_proxy_port=80)(protocol=tcps)(port=1522)(host=adb.us-sanjose-1.oraclecloud.com))(connect_data=(service_name=qtraya2braestch_myadb_medium.adb.oraclecloud.com))(security=(ssl_server_cert_dn="CN=adb.us-sanjose-1.oraclecloud.com,OU=Oracle ADB SANJOSE,O=Oracle Corporation,L=Redwood City,ST=California,C=US")))
      • myadb_medium = (description= (retry_count=20)(retry_delay=3)(address=(https_proxy=your proxy address here)(https_proxy_port=80)(protocol=tcps)(port=1522)(host=adb.us-sanjose-1.oraclecloud.com))(connect_data=(service_name=qtraya2braestch_myadb_medium.adb.oraclecloud.com))(security=(ssl_server_cert_dn="CN=adb.us-sanjose-1.oraclecloud.com,OU=Oracle ADB SANJOSE,O=Oracle Corporation,L=Redwood City,ST=California,C=US")))
      • myadb_high = (description= (retry_count=20)(retry_delay=3)(address=(https_proxy=your proxy address here)(https_proxy_port=80)(protocol=tcps)(port=1522)(host=adb.us-sanjose-1.oraclecloud.com))(connect_data=(service_name=qtraya2braestch_myadb_medium.adb.oraclecloud.com))(security=(ssl_server_cert_dn="CN=adb.us-sanjose-1.oraclecloud.com,OU=Oracle ADB SANJOSE,O=Oracle Corporation,L=Redwood City,ST=California,C=US")))
    • For myadb_medium_pool:
      • myadb_low_pool = (description= (retry_count=20)(retry_delay=3)(address=(https_proxy=your proxy address here)(https_proxy_port=80)(protocol=tcps)(port=1522)(host=adb.us-sanjose-1.oraclecloud.com))(connect_data=(service_name=qtraya2braestch_myadb_medium.adb.oraclecloud.com)(SERVER=POOLED))(security=(ssl_server_cert_dn="CN=adb.us-sanjose-1.oraclecloud.com,OU=Oracle ADB SANJOSE,O=Oracle Corporation,L=Redwood City,ST=California,C=US")))
      • myadb_medium_pool = (description= (retry_count=20)(retry_delay=3)(address=(https_proxy=your proxy address here)(https_proxy_port=80)(protocol=tcps)(port=1522)(host=adb.us-sanjose-1.oraclecloud.com))(connect_data=(service_name=qtraya2braestch_myadb_medium.adb.oraclecloud.com)(SERVER=POOLED))(security=(ssl_server_cert_dn="CN=adb.us-sanjose-1.oraclecloud.com,OU=Oracle ADB SANJOSE,O=Oracle Corporation,L=Redwood City,ST=California,C=US")))
      • myadb_high_pool = (description= (retry_count=20)(retry_delay=3)(address=(https_proxy=your proxy address here)(https_proxy_port=80)(protocol=tcps)(port=1522)(host=adb.us-sanjose-1.oraclecloud.com))(connect_data=(service_name=qtraya2braestch_myadb_medium.adb.oraclecloud.com)(SERVER=POOLED))(security=(ssl_server_cert_dn="CN=adb.us-sanjose-1.oraclecloud.com,OU=Oracle ADB SANJOSE,O=Oracle Corporation,L=Redwood City,ST=California,C=US")))
  5. Set the TNS_ADMIN Environment Variable in Windows GUI

    To enable client applications to locate and use the wallet, set the TNS_ADMIN environment variable:

    TNS_ADMIN: Path to the directory containing the wallet and network configuration files (tnsnames.ora, sqlnet.ora, etc.)

    1. Open the Start Menu

      Click the Windows Start button in the lower left corner of your screen.

    2. Access System Properties

      • Type environment variables in the search box.
      • Select Edit the system environment variables from the search results.
    3. Open Environment Variables Window

      In the System Properties window, click the Environment Variables... button (usually near the bottom).

    4. Add or Edit TNS_ADMIN Variable

      • Under the User variables section (to set it for your user only) or System variables (to set it system-wide), click New….
      • For Variable name, enter: TNS_ADMIN
      • For Variable value, enter the full path to your Oracle Wallet directory (for example, C:\Users\yourname\wallet).
      If TNS_ADMIN already exists, select it and click Edit... instead, then update the value.
    5. Apply and Close

      • Click OK in the New/Edit dialog.
      • Click OK to close the Environment Variables window.
      • Click OK again to close the System Properties window.
    6. Restart Applications

      Any open command prompts or applications will need to be restarted to recognize the new or updated environment variable.
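
A pre-flight check for the wallet directory configured in the steps above, as an added example that is not Oracle's code: it parses sqlnet.ora and tnsnames.ora text and reports settings that weaken the connection (DN matching off, an alias not using tcps, no ssl_server_cert_dn, a pool alias without SERVER=POOLED) and wallet key files open to other users. The function names, the rule that pool aliases end in _pool, and the POSIX mode-bit check are assumptions of this example.

```python
import os
import re
from pathlib import Path

def parse_tnsnames(text):
    """Split tnsnames.ora text into {alias: descriptor} by tracking paren depth."""
    aliases, depth, name, start = {}, 0, None, 0
    for m in re.finditer(r"[()]|([\w.$-]+)\s*=(?=\s*\()", text):
        if m.group(0) == "(":
            depth += 1
        elif m.group(0) == ")":
            depth -= 1
            if depth == 0 and name:  # descriptor of the current alias is complete
                aliases[name.lower()] = text[start:m.end()].strip()
                name = None
        elif depth == 0:  # a "name = (" at top level starts a new alias
            name, start = m.group(1), m.end()
    return aliases

def check_sqlnet(text):
    """sqlnet.ora: server DN matching must be on and a wallet DIRECTORY set."""
    findings = []
    if not re.search(r"(?im)^\s*SSL_SERVER_DN_MATCH\s*=\s*(yes|on|true)\s*$", text):
        findings.append("sqlnet.ora: SSL_SERVER_DN_MATCH is not enabled")
    if not re.search(r'(?is)WALLET_LOCATION\s*=.*DIRECTORY\s*=\s*"[^"]+"', text):
        findings.append("sqlnet.ora: WALLET_LOCATION has no DIRECTORY")
    return findings

def check_tnsnames(text):
    """Per alias: TLS transport, a server DN to match, pooled *_pool aliases."""
    findings = []
    for alias, desc in parse_tnsnames(text).items():
        if not re.search(r"\(\s*protocol\s*=\s*tcps\s*\)", desc, re.I):
            findings.append(f"{alias}: protocol is not tcps")
        if not re.search(r'ssl_server_cert_dn\s*=\s*"[^"]+"', desc, re.I):
            findings.append(f"{alias}: no ssl_server_cert_dn")
        pooled = re.search(r"\(\s*server\s*=\s*pooled\s*\)", desc, re.I)
        if alias.endswith("_pool") and not pooled:
            findings.append(f"{alias}: missing (SERVER=POOLED)")
    return findings

def check_wallet_perms(wallet_dir):
    """POSIX only: key-bearing wallet files must not be open to group/others."""
    files = [Path(wallet_dir, n) for n in ("ewallet.p12", "cwallet.sso", "keystore.jks")]
    return [f"{p.name}: accessible by group/others" for p in files
            if os.name == "posix" and p.exists() and p.stat().st_mode & 0o077]
```

Pass `check_sqlnet` and `check_tnsnames` the text of the files in the TNS_ADMIN directory and pass the directory itself to `check_wallet_perms`; an empty list from each means no finding. On Windows the mode-bit check returns nothing, so review the directory's ACLs there instead.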

Verify Oracle Autonomous AI Database Connection

Verify that you can securely connect to your Autonomous AI Database (ADB):

  1. Start Python and load the oml library:
    python3
    import oml
  2. Establish a database connection using the OML client, which utilizes the wallet for secure access. Set both the dsn and automl parameters to the appropriate tnsnames.ora alias from your wallet directory:
    oml.connect(user="oml_user", password="oml_user_password", 
    dsn="myadb_medium", automl="myadb_medium_pool")

    To avoid exposing your Oracle Machine Learning user credentials in plain text, provide empty strings for the user and password parameters when connecting:

    oml.connect(user="", password="", dsn="myadb_medium", automl="myadb_medium_pool")