Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Oracle and SSL

From: Craig Warman <crwarman_at_yahoo.com>
Date: Mon, 15 Nov 2004 07:22:41 -0500
Message-ID: <BDBE09C1.A149%crwarman@yahoo.com>

Kalle - Here are some general notes and a reference to get you started.

First, you will be using Oracle's Advanced Security Option, so if you haven't installed that then you'll need to do so.

Second, you will need at least two SSL certificates - one for each of the servers, plus additional certificates for any other clients or servers which want to make an SSL connection. It's interesting to note that unlike web browser communication, you must have an SSL certificate for clients as well as servers when it comes to SQL*Net over SSL. Correspondingly, you will be doing configuration work on both sides of the connection.

Third, you will be operating over a connection that is markedly slower due to the use of SSL. SSL accelerator appliances can be helpful if this becomes an issue.

Finally, if there are firewalls involved between the two databases, then there will be configuration work involved there as well (whether or not SSL is in the mix). This is due to the fact that SQL*Net uses a more or less "random" port through which to direct its connections. You have several options in this case; I won't cover them here since that wasn't what you were asking about...

On to the configuration docs. First, take a look at the following: http://download-west.oracle.com/docs/cd/B14117_01/network.101/b10772/asossl.htm
Though this is for 10g, the configuration is nearly identical for 9i, 9ir2, and even 8i (to a degree). If you're using Net8, incidentally, you can look at Metalink note 132852.1 for more version-specific info there.

If SSL isn't your only option, I would encourage you to also consider something along the lines of a VPN connection - assuming there's geographical separation between the two servers. This pushes the encryption/decryption work down to the router level - and, depending on what you're using, you may find this to be a much faster connection. One thing is certain - if that's what you're already using, then you probably don't want to layer SQL*Net with SSL on top of it!

Hope this helps.

Craig

On 11/15/04 12:03 AM, in article XMWld.30129$g4.563877_at_news2.nokia.com, "Kalle" <not_at_valid.com> wrote:

> Hi all,
>
> I have a need to "protect" the traffic between two servers and sql*net
> traffic...
>
> SSL is one option, but how to set it up and what does Oracle recommend
> concerning SSL?
>
> Thank you in advance
>
> Kalle
>
Received on Mon Nov 15 2004 - 06:22:41 CST
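
An added example, not part of the original post or of Oracle's documentation: a small Python check over constructed sqlnet.ora, listener.ora and tnsnames.ora text that looks for the two-sided setup the reply describes (a certificate wallet on each side, certificate authentication left on, TCPS addresses). The parameter names are standard Oracle Net ones; the hosts, ports, paths and the `audit` helper are assumptions made for illustration.

```python
import re

# Constructed sample files: hosts, ports and paths are placeholders.
SERVER_SQLNET = """WALLET_LOCATION =
  (SOURCE = (METHOD = FILE)(METHOD_DATA = (DIRECTORY = /u01/app/oracle/wallet)))
SSL_CLIENT_AUTHENTICATION = TRUE
"""
SERVER_LISTENER = """LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = db1.example.com)(PORT = 2484)))
    (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = db1.example.com)(PORT = 1521))))
"""
CLIENT_SQLNET = "SSL_CLIENT_AUTHENTICATION = FALSE  # no wallet configured\n"
CLIENT_TNSNAMES = """REMOTE_DB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = db1.example.com)(PORT = 2484))
    (CONNECT_DATA = (SERVICE_NAME = orcl)))
"""

def strip_comments(text):
    """Drop '#' comments, which Oracle Net files allow."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def param(text, name):
    """First token of a NAME = value parameter (upper-cased), or None if absent."""
    m = re.search(rf"^\s*{re.escape(name)}\s*=\s*(\S+)", strip_comments(text), re.I | re.M)
    return m.group(1).upper() if m else None

def protocols(text):
    """Every PROTOCOL value used in the ADDRESS entries of a listener.ora/tnsnames.ora."""
    return [p.upper() for p in
            re.findall(r"\(\s*PROTOCOL\s*=\s*(\w+)\s*\)", strip_comments(text), re.I)]

def audit(side, sqlnet, addresses):
    """Hypothetical helper: list the gaps in one side's SSL configuration."""
    findings = []
    if param(sqlnet, "WALLET_LOCATION") is None:
        findings.append(f"{side}: no WALLET_LOCATION, so no certificate wallet is set")
    if param(sqlnet, "SSL_CLIENT_AUTHENTICATION") == "FALSE":
        findings.append(f"{side}: SSL_CLIENT_AUTHENTICATION is FALSE")
    protos = protocols(addresses)
    if "TCPS" not in protos:
        findings.append(f"{side}: no TCPS address, SQL*Net is not using SSL")
    findings += [f"{side}: {p} address still allows a non-SSL connection"
                 for p in protos if p != "TCPS"]
    return findings

if __name__ == "__main__":
    for line in (audit("server", SERVER_SQLNET, SERVER_LISTENER)
                 + audit("client", CLIENT_SQLNET, CLIENT_TNSNAMES)):
        print(line)
```

Run against the real files on each host, an empty result means that side has a wallet, a TCPS address and no leftover plain TCP address.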
