Re: Simple Oracle Advance Security Setup Guide

From: Mark Howard Cohn <google_at_markcohn.com>
Date: 22 May 2003 10:11:54 -0700
Message-ID: <a2176079.0305220911.4f829c19_at_posting.google.com>


What about using CMAN with SSL in Oracle 9i (9.2.0.1)? Will this work or is it possible at all? Is there a way for CMAN to handle the port redirection nature of OAS?

rsandoz_at_hotmail.com (Richard Sandoz) wrote in message news:<9741a2b8.0305212007.11188f81_at_posting.google.com>...
> Simple Oracle Advance Security Setup Guide Oracle 9.2
> by Richard Sandoz
>
> (1) Create a wallet. Start "Wallet Manager". Create a wallet.
> Caution: Do not use the default location in win2k, xp, etcetera.
> This (Documents and Settings) contains spaces which presents
> compatibility issues with the version of Java Oracle uses. I chose
> C:\WALLETS. Enable Auto-Login under the menu "Wallets". The wallet
> creation creates the file ewallet.p12 and the auto-login option creates
> the file cwallet.sso. You can also export certificates from mmc or
> Internet Explorer. Just be sure to export the private key, check
> "Include all certificates in the certification path if possible",
> rename the file to ewallet.p12, open it in "Wallet Manager", enable
> Auto-Login.
>
> (2) Modify sqlnet.ora. Add the following entry which identifies the
> location of the wallet:
> WALLET_LOCATION =
>   (SOURCE =
>     (METHOD = FILE)
>     (METHOD_DATA =
>       (DIRECTORY = C:\WALLETS)
>     )
>   )
>
> (3) Modify listener.ora. Add the following entry which identifies the
> location of the wallet and your LISTENER entry contains the TCPS, port
> 2484 line:
> WALLET_LOCATION =
>   (SOURCE =
>     (METHOD = FILE)
>     (METHOD_DATA =
>       (DIRECTORY = C:\WALLETS)
>     )
>   )
>
> LISTENER =
>   (DESCRIPTION_LIST =
>     (DESCRIPTION =
>       (ADDRESS_LIST =
>         (ADDRESS = (PROTOCOL = TCPS)(HOST = myhost)(PORT = 2484))
>       )
>     )
>   )
>
> (4) Modify tnsnames.ora. Add the following entry which identifies the
> ssl connections network parameters:
> MYSSL =
>   (DESCRIPTION =
>     (ADDRESS_LIST =
>       (ADDRESS = (PROTOCOL = TCPS)(HOST = myhost)(PORT = 2484))
>     )
>     (CONNECT_DATA =
>       (SERVICE_NAME = myservice)
>     )
>   )
>
> (5) Open the Windows Service Manager. Modify the TNSListener and the
> database services as follows. Select the "Log on" tab. Change "Log
> on as" from "Local System Account" to the account you completed step
> (1) with (the account which owns the wallet). Restart these services
> with these settings.
>
> (*) General troubleshooting considerations:
> ORA-28759: Failed to open file
> Did you create a wallet?
> Did you enable Auto-Login in Wallet Manager? There should be a file
> "cwallet.sso" in your wallet folder.
>
> ORA-28868: certificate chain check failed
> Is your requested certificate complete?
>
> ORA-28862: SSL connection failed
> Did you set the TNSListener Service to log on using the account which
> owns the wallet?
> Did you set the Database Service to log on using the account which
> owns the wallet?
>
> TNS-12560: TNS:protocol adapter error
> Did you set the TNSListener Service to log on using the account which
> owns the wallet?
>
> ORA-29002: SSL Transport detected invalid or obsolete server
> certificate
> ensure SQLNET.ORA does not contain the following line
> SSL_SERVER_DN_MATCH=ON
> you can also set this to off or create a cert with a CN (part of a DN)
> that is the same as the database SERVICE_NAME
>
> ORA-28865: SSL connection closed
> Is your SSL_VERSION correct in SQLNET.ORA?
>
> ORA-12560: TNS:protocol adapter error
> Is your SSL_VERSION correct in SQLNET.ORA?
Received on Thu May 22 2003 - 19:11:54 CEST
