How to set up Oracle SSL using a self-signed certificate between client and DB

oracle, security, ssl

I want my DB to send the data to the client in an encrypted way.
I Googled and found that Oracle has SSL. Unfortunately, I can't find a step-by-step tutorial which explains how to create a self-signed certificate, configure SSL on the DB side, configure SSL on the client side and test it.

Please, share your knowledge with me.

Thank you in advance.

—EDIT

My steps:

  1. Run Oracle Wallet Manager on DB server.
  2. Create New wallet.
  3. Create New Certificate Request.
  4. Exported Certificate Request.
  5. Using ssl.ca-0.1 (downloaded from http://www.openssl.org/contrib/), created a self-signed root certificate using new-root-ca.sh and imported it as a trusted certificate on the DB server.
  6. Created a self-signed server certificate by running sign-server-cert.sh and imported it as a user certificate on the DB server.

Here I am confused… I don't know how to configure the client side.

In ssl.ca-0.1 there are also the files new-user-cert.sh and sign-user-cert.sh; I don't understand what they are used for.

I tried to run them using the same certification request that was exported from the DB server and tried to import it into the client wallet. AM I WRONG?

Maybe yes, because it doesn't import the user certificate… I am really confused and don't understand the main idea.

I copied the wallet generated on the DB server to the client-side wallet location. AM I RIGHT?

Best Answer

I found the answer.

In my post I've described how to create trusted and user certificates. As I guess, the trusted certificate is the public key and the user certificate is a private key (correct me if I am wrong).

Now I'll write how I have done this job.

--on DB server

Run owm (Oracle Wallet Manager) and:

  1. Create new wallet.
  2. Create certification request.
  3. Export certification request.
  4. Using ssl.ca-0.1 (downloaded from http://www.openssl.org/contrib/), created a self-signed root certificate using new-root-ca.sh and imported it as a trusted certificate on the DB server.
  5. Created a self-signed server certificate by running sign-server-cert.sh and imported it as a user certificate on the DB server.

--On client server

Copied root certificate (generated previously).

  1. Create new wallet.

  2. Create certification request.

  3. Import trusted certificate by choosing copied root certificate.

Edit the tnsnames.ora file on the client server to use a TNS entry with protocol TCPS and a port, for example, 2484.

Edit the listener.ora file on the DB server to listen on port 2484 with protocol TCPS.

Open Net Manager and configure SSL on both sides.

--DB side

Indicate the wallet directory.

I've unchecked "Require Client Authentication"; set the other options as you want.

--Client side

Indicate the wallet directory.

Set the other options as you want.
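
The files that the steps above end up editing, as an added example that is not part of the original answer. The host name, service name, alias and wallet directories are placeholders, and the `SSL_SERVER_DN_MATCH` / `SSL_SERVER_CERT_DN` settings are an addition beyond the answer: they make the client check that the certificate it receives belongs to the expected server, not only that it chains to the imported root.

```text
# ---- DB server: listener.ora ----
# Wallet holding the root (trusted) certificate and the server (user) certificate.
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /path/to/server/wallet)))

# Corresponds to unchecking "Require Client Authentication" in Net Manager.
SSL_CLIENT_AUTHENTICATION = FALSE

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = dbhost.example.com)(PORT = 2484))))

# ---- DB server: sqlnet.ora ----
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /path/to/server/wallet)))

SSL_CLIENT_AUTHENTICATION = FALSE

# ---- Client: sqlnet.ora ----
# Client wallet containing only the root certificate as a trusted certificate.
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /path/to/client/wallet)))

# Added hardening: reject a server whose certificate DN does not match.
SSL_SERVER_DN_MATCH = YES

# ---- Client: tnsnames.ora ----
# The DN below is a placeholder; use the subject of the server certificate.
ORCL_SSL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = dbhost.example.com)(PORT = 2484))
    (CONNECT_DATA = (SERVICE_NAME = orcl.example.com))
    (SECURITY = (SSL_SERVER_CERT_DN = "CN=dbhost.example.com")))
```

To test, connect through the `ORCL_SSL` alias and run `SELECT sys_context('USERENV', 'NETWORK_PROTOCOL') FROM dual;`, which returns `tcps` for a session that came in over the TCPS listener.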