5.6 Configure Database Network Settings
Configure the database listener and network layer to accept secure TCPS connections on port 2484 and enable token-based authentication. Both configurations use the server wallet you created in the previous section.
- Configure the database listener.
  - Go to the database network configuration directory.

        cd $ORACLE_HOME/network/admin

  - Open listener.ora in a text editor (for example, vi or nano).

        vi listener.ora

  - Add or update the wallet location and the TCPS address as shown below and save the file. Use the database server’s fully qualified domain name for HOST.

        WALLET_LOCATION =
          (SOURCE =
            (METHOD = FILE)
            (METHOD_DATA =
              (DIRECTORY = /u01/app/oracle/wallets/server)))

        TLS_CLIENT_AUTHENTICATION = FALSE

        LISTENER =
          (DESCRIPTION_LIST =
            (DESCRIPTION =
              (ADDRESS = (PROTOCOL = TCP)(HOST = <your-vm-fqdn>)(PORT = 1521))
              (ADDRESS = (PROTOCOL = TCPS)(HOST = <your-vm-fqdn>)(PORT = 2484))
            )
          )
- Configure network and token authentication (sqlnet.ora).
  This step enables token-based authentication and directs the database network layer to the server wallet for TLS.
  - In $ORACLE_HOME/network/admin, open sqlnet.ora.

        vi sqlnet.ora

  - Add the following configuration.

        # --- Authentication ---
        SQLNET.AUTHENTICATION_SERVICES = (BEQ, TOKENAUTH)

        # --- TLS Configuration ---
        TLS_CLIENT_AUTHENTICATION = FALSE
        TLS_SERVER_DN_MATCH = TRUE

        # Prevents conflicts between Native Encryption and TLS
        SQLNET.IGNORE_ANO_ENCRYPTION_FOR_TCPS = TRUE

        WALLET_LOCATION =
          (SOURCE =
            (METHOD = FILE)
            (METHOD_DATA =
              (DIRECTORY = /u01/app/oracle/wallets/server)))

  - Restart the listener. Configure any required proxy environment variables in the same terminal session used to restart the listener. The listener inherits its environment from that session.

        export TNS_ADMIN=$ORACLE_HOME/network/admin
        lsnrctl stop
        lsnrctl start

  Note:
  In Oracle AI Database 26ai, the WALLET_LOCATION parameter in sqlnet.ora is deprecated for the database server. Use the WALLET_ROOT initialization parameter instead, as described in Generate Wallets and Certificates. However, WALLET_LOCATION remains valid for the listener and for client-side configurations.
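A pre-restart check for the two files edited in this section, given as an added example that is not part of the Oracle documentation: it parses sqlnet.ora and listener.ora text and reports any setting that differs from the values shown above. The function names (parse_ora, wallet_dir, audit) are hypothetical, the listener is assumed to be named LISTENER, and db01.example.com is a placeholder host in constructed sample input.

```python
import re

PARAM = re.compile(r"^([A-Za-z_][\w.]*)\s*=(.*)$")  # parameter name starts in column 1

def parse_ora(text):
    """Return {NAME: value with whitespace removed}; indented lines continue a value."""
    params, name = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        m = PARAM.match(line)
        if m:
            name = m.group(1).upper()
            params[name] = re.sub(r"\s+", "", m.group(2))
        elif name and line.strip():
            params[name] += re.sub(r"\s+", "", line)
    return params

def wallet_dir(params):
    m = re.search(r"\(DIRECTORY=([^()]*)\)", params.get("WALLET_LOCATION", ""), re.I)
    return m.group(1) if m else None

def audit(sqlnet_text, listener_text):
    """Return a list of findings; an empty list means both files match this section."""
    sq, ls = parse_ora(sqlnet_text), parse_ora(listener_text)
    findings = []
    services = sq.get("SQLNET.AUTHENTICATION_SERVICES", "").strip("()").upper().split(",")
    if "TOKENAUTH" not in services:
        findings.append("sqlnet.ora: TOKENAUTH missing from SQLNET.AUTHENTICATION_SERVICES")
    for key in ("TLS_SERVER_DN_MATCH", "SQLNET.IGNORE_ANO_ENCRYPTION_FOR_TCPS"):
        if sq.get(key, "").upper() != "TRUE":
            findings.append(f"sqlnet.ora: {key} is not TRUE")
    if wallet_dir(sq) is None or wallet_dir(sq) != wallet_dir(ls):
        findings.append("wallet directory differs between sqlnet.ora and listener.ora")
    addrs = [{k.upper(): v for k, v in re.findall(r"\((\w+)=([^()]*)\)", a)} for a in
             re.findall(r"\(ADDRESS=((?:\([^()]*\))+)\)", ls.get("LISTENER", ""), re.I)]
    tcps = [a for a in addrs if a.get("PROTOCOL", "").upper() == "TCPS"]
    if not any(a.get("PORT") == "2484" for a in tcps):
        findings.append("listener.ora: no TCPS address on port 2484")
    if any("." not in a.get("HOST", "") for a in tcps):
        findings.append("listener.ora: TCPS HOST is not a fully qualified domain name")
    return findings

# Constructed sample files mirroring this section; the host name is a placeholder.
WALLET = "WALLET_LOCATION = (SOURCE = (METHOD = FILE)\n  (METHOD_DATA = (DIRECTORY = /u01/app/oracle/wallets/server)))\n"
SQLNET_OK = WALLET + ("SQLNET.AUTHENTICATION_SERVICES = (BEQ, TOKENAUTH)\nTLS_SERVER_DN_MATCH = TRUE\n"
                      "SQLNET.IGNORE_ANO_ENCRYPTION_FOR_TCPS = TRUE  # native encryption vs TLS\n")
LISTENER_OK = WALLET + ("LISTENER =\n  (DESCRIPTION_LIST = (DESCRIPTION =\n"
    "    (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.com)(PORT = 1521))\n"
    "    (ADDRESS = (PROTOCOL = TCPS)(HOST = db01.example.com)(PORT = 2484))))\n")
```

Pass the contents of the real files to audit() before running lsnrctl stop and lsnrctl start; an empty list means the settings match the values in this section.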