Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.misc -> Re: Oracle and SSL

Re: Oracle and SSL

From: Craig Warman <>
Date: Mon, 15 Nov 2004 07:22:41 -0500
Message-ID: <>

Kalle - Here are some general notes and a reference to get you started.

First, you will be using Oracle's Advanced Security Option, so if you haven't installed that then you'll need to do so.

Second, you will need at least two SSL certificates - one for each of the servers, plus additional certificates for any other clients or servers which want to make an SSL connection. It's interesting to note that unlike web browser communication, you must have an SSL certificate for clients as well as servers when it comes to SQL*Net over SSL. Correspondingly, you will be doing configuration work on both sides of the connection.

Third, you will be operating over a connection that is markedly slower due to the use of SSL. SSL accelerator appliances can be helpful if this becomes an issue.

Finally, if there are firewalls involved between the two databases, then there will be configuration work involved there as well (whether or not SSL is in the mix). This is due to the fact that SQL*Net uses a more or less "random" port through which to direct its connections. You have several options in this case; I won't cover them here since that wasn't what you were asking about...

On to the configuration docs. First, take a look at the following: htm
Though this is for 10g, the configuration is nearly identical for 9i, 9ir2, and even 8i (to a degree). If you're using Net8, incidentally, you can look at Metalink note 132852.1 for more version-specific info there.

If SSL isn't your only option, I would encourage you to also consider something along the lines of a VPN connection - assuming there's geographical separation between the two servers. This pushes the encryption/decryption work down to the router level - and, depending on what you're using, you may find this to be a much faster connection. One thing is certain - if that's what you're already using, then you probably don't want to layer SQL*Net with SSL on top of it!

Hope this helps.


On 11/15/04 12:03 AM, in article XMWld.30129$, "Kalle" <> wrote:

> Hi all,
> I have a need to "protect" a traffic between two servers and sql*net
> traffic...
> SSL is one option but how to setup it and what Oracle recommends
> concerning SSL
> Thank you in advance
> Kalle
Received on Mon Nov 15 2004 - 06:22:41 CST

Original text of this message