# Linux platform

### Tools/Libraries

1. Download and unzip the Oracle instant client from <https://www.oracle.com/cis/database/technologies/instant-client/linux-x86-64-downloads.html>.
2. Download and unzip the *SQLcl* from [*https://www.oracle.com/database/sqldeveloper/technologies/sqlcl/download/*](https://www.oracle.com/database/sqldeveloper/technologies/sqlcl/download/)*.*

   For example, Instant client is unzipped in */home/ubuntu/\<user>/instantclient\_21\_9* and *SQLcl* is unzipped in */home/ubuntu/\<user>/sqlcl.*

### Setup Oracle wallet

Installing `orapki` utility from Oracle takes more time and needs to install whole fusion middleware packages. Instead, please use the below script.

{% code lineNumbers="true" %}

```bash
#!/bin/bash
# set classpath for orapki - align this to your local SQLcl installation
SQLCL=<sqlcl unzipped path>/lib/ # For ex - /home/ubuntu/<user>/sqlcl/lib/
CLASSPATH=${SQLCL}/oraclepki.jar:${SQLCL}/osdt_core.jar:${SQLCL}/osdt_cert.jar
# simulate orapki command
java -classpath ${CLASSPATH} oracle.security.pki.textui.OraclePKITextUI "$@"
```

{% endcode %}

{% code lineNumbers="true" %}

```bash
# Make orapki as executable
# chmod +x orapki
```

{% endcode %}

### Import CA certificate to wallet <a href="#import-ca-certificate-to-wallet" id="import-ca-certificate-to-wallet"></a>

* Download the CA certificate from DB service **Overview** page.

  <figure><img src="https://3421475909-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXNKiIctERJykfezXfUU2%2Fuploads%2F5mOIhnN88zHlfebhsXNd%2Fimage.png?alt=media&#x26;token=996ae50e-c3c8-4a8e-a88f-90afe956e865" alt=""><figcaption></figcaption></figure>
* Create wallet directory.

{% code lineNumbers="true" %}

```
./orapki wallet create -wallet /home/ubuntu/<user>/wallet/ -auto_login_only
```

{% endcode %}

* Import CA certificate to the wallet.

{% code lineNumbers="true" %}

```
./orapki wallet add -wallet /home/ubuntu/<user>/wallet/ -trusted_cert -cert TessellCA.crt -auto_login_only
```

{% endcode %}

* Verify the CA in the wallet.

{% code lineNumbers="true" %}

```
./orapki wallet display -wallet /home/ubuntu/<user>/wallet/
Oracle PKI Tool Release 21.0.0.0.0 - Production
Version 21.0.0.0.0
Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
User Certificates:
Trusted Certificates:
Subject:        CN=tessell.com
```

{% endcode %}

### sqlnet.ora <a href="#sqlnet.ora" id="sqlnet.ora"></a>

* Create *sqlnet.ora* file with wallet location in *\<instant\_client\_path>network/admin.*

{% code lineNumbers="true" %}

```
WALLET_LOCATION =
  (SOURCE =
   (METHOD = FILE)
   (METHOD_DATA =
    (DIRECTORY = /Users/<user>/orainscli/test_wallet)
   )
  )
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)
SSL_SERVER_DN_MATCH = ON
```

{% endcode %}

* Connect using sqlplus.
  * Download and install sqlplus package.
  * Set ORACLE\_HOME (where instant lib and sqlplus are installed/unzipped).

{% code lineNumbers="true" %}

```
export ORACLE_HOME=/home/ubuntu/<user>/instantclient_21_9
```

{% endcode %}

confirm sqlnet.ora is present in $ORACLE\_HOME/network/admin

* Connect to DB.

{% code lineNumbers="true" %}

```
sqlplus <user>/<password>@(DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = oraclessl<service name>dnd-efwyu.qarel.tsl-barc.cloud)(PORT = 1521))(CONNECT_DATA = (SERVICE_NAME = <service name>))(SECURITY = (SSL_SERVER_CERT_DN = "CN=oraclessl<service name>dnd-efwyu.qarel.tsl-barc.cloud")))
```

{% endcode %}

* Confirm connected protocol.

{% code lineNumbers="true" %}

```
SQL> SELECT sys_context('USERENV', 'NETWORK_PROTOCOL') as network_protocol, sys_context('USERENV', 'AUTHENTICATION_METHOD') as authentication_method FROM dual;
NETWORK_PROTOCOL
--------------------------------------------------------------------------------
AUTHENTICATION_METHOD
--------------------------------------------------------------------------------
tcps
PASSWORD
```

{% endcode %}