Linux platform

Tools/Libraries

Download and unzip the Oracle instant client from https://www.oracle.com/cis/database/technologies/instant-client/linux-x86-64-downloads.html.
Download and unzip the SQLcl from https://www.oracle.com/database/sqldeveloper/technologies/sqlcl/download/.
For example, Instant client is unzipped in /home/ubuntu/<user>/instantclient_21_9 and SQLcl is unzipped in /home/ubuntu/<user>/sqlcl.

Setup Oracle wallet

Installing orapki utility from Oracle takes more time and needs to install whole fusion middleware packages. Instead, please use the below script.

#!/bin/bash
# set classpath for orapki - align this to your local SQLcl installation
SQLCL=<sqlcl unzipped path>/lib/ # For ex - /home/ubuntu/<user>/sqlcl/lib/
CLASSPATH=${SQLCL}/oraclepki.jar:${SQLCL}/osdt_core.jar:${SQLCL}/osdt_cert.jar
# simulate orapki command
java -classpath ${CLASSPATH} oracle.security.pki.textui.OraclePKITextUI "$@"

# Make orapki as executable
# chmod +x orapki

Import CA certificate to wallet

Download the CA certificate from DB service Overview page.
Create wallet directory.

./orapki wallet create -wallet /home/ubuntu/<user>/wallet/ -auto_login_only

Import CA certificate to the wallet.

./orapki wallet add -wallet /home/ubuntu/<user>/wallet/ -trusted_cert -cert TessellCA.crt -auto_login_only

Verify the CA in the wallet.

./orapki wallet display -wallet /home/ubuntu/<user>/wallet/
Oracle PKI Tool Release 21.0.0.0.0 - Production
Version 21.0.0.0.0
Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
User Certificates:
Trusted Certificates:
Subject:        CN=tessell.com

sqlnet.ora

Create sqlnet.ora file with wallet location in <instant_client_path>network/admin.

WALLET_LOCATION =
  (SOURCE =
   (METHOD = FILE)
   (METHOD_DATA =
    (DIRECTORY = /Users/<user>/orainscli/test_wallet)
   )
  )
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)
SSL_SERVER_DN_MATCH = ON

Connect using sqlplus.
- Download and install sqlplus package.
- Set ORACLE_HOME (where instant lib and sqlplus are installed/unzipped).

export ORACLE_HOME=/home/ubuntu/<user>/instantclient_21_9

confirm sqlnet.ora is present in $ORACLE_HOME/network/admin

Connect to DB.

sqlplus <user>/<password>@(DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = oraclessl<service name>dnd-efwyu.qarel.tsl-barc.cloud)(PORT = 1521))(CONNECT_DATA = (SERVICE_NAME = <service name>))(SECURITY = (SSL_SERVER_CERT_DN = "CN=oraclessl<service name>dnd-efwyu.qarel.tsl-barc.cloud")))

Confirm connected protocol.

SQL> SELECT sys_context('USERENV', 'NETWORK_PROTOCOL') as network_protocol, sys_context('USERENV', 'AUTHENTICATION_METHOD') as authentication_method FROM dual;
NETWORK_PROTOCOL
--------------------------------------------------------------------------------
AUTHENTICATION_METHOD
--------------------------------------------------------------------------------
tcps
PASSWORD

PreviousDatabase connections using SSL NextMac platform

Last updated 2 months ago

Was this helpful?