Simple Oracle Advance Security Setup Guide

From: Richard Sandoz <rsandoz_at_hotmail.com>
Date: 21 May 2003 21:07:20 -0700
Message-ID: <9741a2b8.0305212007.11188f81_at_posting.google.com>


Simple Oracle Advance Security Setup Guide
Oracle 9.2
by Richard Sandoz

(1) Create a wallet. Start "Wallet Manager" and create a wallet. Caution: do not use the default location on Win2k, XP, etcetera. That location (Documents and Settings) contains spaces, which present compatibility issues with the version of Java Oracle uses. I chose C:\WALLETS. Enable Auto-Login under the "Wallets" menu. Creating the wallet creates the file ewallet.p12, and the Auto-Login option creates the file cwallet.sso. You can also export certificates from mmc or Internet Explorer. Just be sure to export the private key, check "Include all certificates in the certification path if possible", rename the file to ewallet.p12, open it in "Wallet Manager", and enable Auto-Login.

(2) Modify sqlnet.ora. Add the following entry which identifies the location of the wallet:

      WALLET_LOCATION =
        (SOURCE =
          (METHOD = FILE)
          (METHOD_DATA =
            (DIRECTORY = C:\WALLETS)
          )
        )

(3) Modify listener.ora. Add the following entry, which identifies the location of the wallet, and make sure your LISTENER entry contains the TCPS, port 2484 line:

      WALLET_LOCATION =
        (SOURCE =
          (METHOD = FILE)
          (METHOD_DATA =
            (DIRECTORY = C:\WALLETS)
          )
        )

      LISTENER =
        (DESCRIPTION_LIST =
          (DESCRIPTION =
            (ADDRESS_LIST =
              (ADDRESS = (PROTOCOL = TCPS)(HOST = myhost)(PORT = 2484))
            )
          )
        )

(4) Modify tnsnames.ora. Add the following entry, which identifies the SSL connection's network parameters:

      MYSSL =
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCPS)(HOST = myhost)(PORT = 2484))
          )
          (CONNECT_DATA =
            (SERVICE_NAME = myservice)
          )
        )

(5) Open the Windows Service Manager. Modify the TNSListener and the database services as follows. Select the "Log on" tab. Change "Log on as" from "Local System Account" to the account you completed step (1) with (the account which owns the wallet). Restart these services with these settings.

(*) General troubleshooting considerations:

ORA-28759: Failed to open file
Did you create a wallet?
Did you enable Auto-Login in Wallet Manager? There should be a file "cwallet.sso" in your wallet folder.

ORA-28868: certificate chain check failed
Is your requested certificate complete?

ORA-28862: SSL connection failed
Did you set the TNSListener Service to log on using the account which owns the wallet?
Did you set the Database Service to log on using the account which owns the wallet?

TNS-12560: TNS:protocol adapter error
Did you set the TNSListener Service to log on using the account which owns the wallet?

ORA-29002: SSL Transport detected invalid or obsolete server certificate
Ensure SQLNET.ORA does not contain the following line: SSL_SERVER_DN_MATCH=ON
You can also set this to off, or create a cert with a CN (part of a DN) that is the same as the database SERVICE_NAME.

ORA-28865: SSL connection closed
Is your SSL_VERSION correct in SQLNET.ORA?

ORA-12560: TNS:protocol adapter error
Is your SSL_VERSION correct in SQLNET.ORA?

Received on Thu May 22 2003 - 06:07:20 CEST
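
The checks from steps (1) to (3) and the troubleshooting list can be run over the text of sqlnet.ora and listener.ora before restarting the services. This is an added example, not part of the original post and not an Oracle tool; the function names, finding codes and sample file contents are assumptions constructed for illustration.

```python
import re

def _uncomment(text):
    # .ora files treat everything after '#' as a comment
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def wallet_dir(ora_text):
    """DIRECTORY value inside WALLET_LOCATION, or None when the entry is absent."""
    m = re.search(r"WALLET_LOCATION\s*=.*?DIRECTORY\s*=\s*([^)]*?)\s*\)",
                  _uncomment(ora_text), re.I | re.S)
    return m.group(1) if m else None

def check_tcps_setup(sqlnet, listener, wallet_files):
    """Return (code, hint) pairs for the conditions in steps 1-3 and the ORA- list."""
    sqlnet, listener = _uncomment(sqlnet), _uncomment(listener)
    files = {name.lower() for name in wallet_files}
    found = []
    for fname, text in (("sqlnet.ora", sqlnet), ("listener.ora", listener)):
        d = wallet_dir(text)
        if d is None:
            found.append(("NO_WALLET_LOCATION", f"{fname}: add WALLET_LOCATION"))
        elif " " in d:
            found.append(("WALLET_PATH_SPACES", f"{fname}: {d!r} contains spaces"))
    if "ewallet.p12" not in files:
        found.append(("NO_WALLET", "ORA-28759: no ewallet.p12, create a wallet"))
    if "cwallet.sso" not in files:
        found.append(("NO_AUTOLOGIN", "ORA-28759: no cwallet.sso, enable Auto-Login"))
    if not re.search(r"PROTOCOL\s*=\s*TCPS", listener, re.I):
        found.append(("NO_TCPS", "listener.ora: LISTENER has no TCPS address"))
    m = re.search(r"^\s*SSL_SERVER_DN_MATCH\s*=\s*(\w+)", sqlnet, re.I | re.M)
    if m and m.group(1).upper() in ("ON", "YES", "TRUE"):
        found.append(("DN_MATCH_ON", "ORA-29002 unless the certificate CN matches"))
    return found

# Constructed sample input, modelled on the entries in steps (2) and (3).
SQLNET = r"""
WALLET_LOCATION =
  (SOURCE = (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = C:\Documents and Settings\ora\WALLETS)))
SSL_SERVER_DN_MATCH = ON
"""
LISTENER = r"""
WALLET_LOCATION =
  (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = C:\WALLETS)))
LISTENER = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 1521)))
"""
if __name__ == "__main__":
    for code, hint in check_tcps_setup(SQLNET, LISTENER, ["ewallet.p12"]):
        print(f"{code:20} {hint}")
```

DN_MATCH_ON is informational: with the setting on, the finding points at the certificate CN that has to match, which is the condition behind ORA-29002 in the list above.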
