10.2.11 Configuring Transport Layer Security on Oracle Connection Manager in Traffic Director Mode

Create a wallet on the Oracle Connection Manager in Traffic Director Mode server (CMAN-TDM), and then specify the TCP/IP with Transport Layer Security (TLS) listening endpoint and wallet location in the cman.ora file.

Note:

Starting with Oracle AI Database 26ai, the Oracle Wallet Manager (OWM) is desupported.

Oracle recommends using the orapki command line tool to replace OWM.

  1. Confirm that a wallet has been created and that it has a certificate:
    1. Log in to the Oracle Connection Manager in Traffic Director Mode server where the wallet resides.
    2. Run the following command using the orapki command-line tool:
      orapki wallet display -wallet wallet_location

      Here, wallet_location is the path to the directory where the wallet is stored.

      If your wallet directory contains the cwallet.sso file (auto-login wallet) and it contains a user certificate, then this command displays a user certificate without asking for a password.

      Ensure that cwallet.sso contains a user certificate. If the wallet does not contain a user certificate, create a wallet that contains a user certificate, and then run the following command to create cwallet.sso in your wallet directory:
      orapki wallet create -wallet wallet_location -auto_login
  2. In the cman.ora file, create a listening endpoint that uses TCP/IP with TLS (TCPS) and set the WALLET_LOCATION parameter to specify the wallet location on the CMAN-TDM side.

    For example, this is a sample cman.ora file configured with the TCPS protocol address and WALLET_LOCATION parameter settings:

    # Listening endpoints, access rules and gateway parameters
    CMAN_1=
      (CONFIGURATION=
        (ADDRESS_LIST=
          (ADDRESS=(PROTOCOL=tcps)(HOST=proxysvr)(PORT=1522))
          (ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1523))
        )
        (RULE_LIST=
          (RULE=(SRC=*)(DST=*)(SRV=*)(ACT=accept))
        )
        (PARAMETER_LIST=
          (MAX_GATEWAY_PROCESSES=8)
          (MIN_GATEWAY_PROCESSES=3)
        )
      )
    # Wallet used by the TCPS endpoint on the CMAN-TDM side
    WALLET_LOCATION=
      (SOURCE=
        (METHOD=File)
        (METHOD_DATA=
          (DIRECTORY=wallet_location)
        )
      )
    SQLNET.WALLET_OVERRIDE = TRUE

    Note:

    The parameter WALLET_LOCATION is deprecated for use with Oracle AI Database 26ai for the Oracle Database server. It is not deprecated for use with the Oracle Database client or listener.

    For Oracle Database server, Oracle recommends that you use the WALLET_ROOT system parameter instead of using WALLET_LOCATION.
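
A pre-flight check for steps 1 and 2, as an added example that is not part of the Oracle documentation: it reads cman.ora text and reports a missing TCPS endpoint, any endpoint without TLS, and a wallet directory whose cwallet.sso is missing or accessible to group or others. The function names and sample values are constructed for illustration, and the check does not open the wallet, so `orapki wallet display` is still needed to confirm the user certificate.

```python
import os
import re
import stat
import tempfile

# Constructed sample modelled on the cman.ora above; {wallet} is filled in at run time.
SAMPLE_CMAN_ORA = """
CMAN_1=
  (CONFIGURATION=
    (ADDRESS_LIST=
      (ADDRESS=(PROTOCOL=tcps)(HOST=proxysvr)(PORT=1522))
      (ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1523))
    )
  )
WALLET_LOCATION=
  (SOURCE=(METHOD=File)(METHOD_DATA=(DIRECTORY={wallet})))
"""

def check_cman_tls(text):
    """Return findings about the TCPS endpoint and wallet named in cman.ora text."""
    findings = []
    protocols = [p.lower() for p in
                 re.findall(r"\(\s*PROTOCOL\s*=\s*(\w+)\s*\)", text, re.I)]
    if "tcps" not in protocols:
        findings.append("no TCPS listening endpoint")
    for p in sorted(set(protocols) - {"tcps"}):
        findings.append("listening endpoint without TLS: " + p)
    m = re.search(r"WALLET_LOCATION\s*=.*?\(\s*DIRECTORY\s*=\s*([^)]+?)\s*\)",
                  text, re.I | re.S)
    if not m:
        return findings + ["WALLET_LOCATION has no DIRECTORY"]
    sso = os.path.join(m.group(1), "cwallet.sso")
    if not os.path.isfile(sso):
        findings.append("cwallet.sso not found in wallet directory")
    elif stat.S_IMODE(os.stat(sso).st_mode) & 0o077:
        # An auto-login wallet opens without a password, so file mode is its only guard.
        findings.append("cwallet.sso is accessible to group or others")
    return findings

def demo(mode=0o600):
    """Build a throwaway wallet directory with a placeholder cwallet.sso and check it."""
    with tempfile.TemporaryDirectory() as wallet:
        sso = os.path.join(wallet, "cwallet.sso")
        with open(sso, "wb") as f:
            f.write(b"placeholder, not a real wallet")
        os.chmod(sso, mode)
        return check_cman_tls(SAMPLE_CMAN_ORA.format(wallet=wallet))

if __name__ == "__main__":
    print(demo())
```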