I want my DB to send the data to the client in an encrypted way.
I Googled and found that Oracle has SSL. Unfortunately, I can't find a step-by-step tutorial which explains how to create a self-signed certificate, configure SSL on the DB side, configure SSL on the client side and test it.
Please, share your knowledge with me.
Thank you in advance.
—EDIT
My steps:
- Run Oracle Wallet Manager on DB server.
- Create New wallet.
- Create New Certificate Request.
- Exported Certificate Request.
- Using ssl.ca-0.1 (downloaded from http://www.openssl.org/contrib/) created self-signed root certificate using `new-root-ca.sh` and imported as a trusted certificate on DB server.
- Created self-signed server certificate by running the `sign-server-cert.sh` and imported as a user certificate on DB server.
Here I am confused… I don't know how to configure the client side.
In ssl.ca-0.1 there are also the files `new-user-cert.sh` and `sign-user-cert.sh`; I don't understand what they are used for.
I tried to run them using the same certification request that was exported from the DB server and tried to import it into the client wallet. AM I WRONG?
Maybe yes, because it doesn't import the user certificate… I am really confused and don't understand the main idea.
I copied the wallet generated on the DB server to the client-side wallet location. AM I RIGHT?
Best Answer
I found the answer.
In my post I've described how to create trusted and user certificates. As I guess, the trusted certificate is the public key and the user certificate is a private key (correct me if I am wrong).
Now I'll write how I have done this job.
--On DB server
Run owm (Oracle Wallet Manager) and:
--On client server
- Copied root certificate (generated previously).
- Create new wallet.
- Create certification request.
- Import trusted certificate by choosing copied root certificate.
- Edit `tnsnames.ora` file on client server to use TNS entry using protocol TCPS and port, for example, 2484.
- Edit `listener.ora` file on DB server to listen on port 2484 and protocol TCPS.
- Open Net Manager and configure SSL on both sides.
--DB side
Indicate wallet directory.
I've unchecked "Require Client Authentication", and other options as you want.
--Client side
Indicate wallet directory,
and other options as you want.
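
The file edits described in the answer above, written out as an added example (it is not part of the original answer). The host name, wallet directories, service name, TNS alias and certificate DN are placeholders, and the `SSL_SERVER_DN_MATCH` / `SSL_SERVER_CERT_DN` lines are an addition that makes the client check which server certificate it accepted.

```text
# ---- DB server: listener.ora ------------------------------------------
# Placeholder host and wallet path; port 2484 and TCPS are from the answer.
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = dbhost.example.com)(PORT = 2484))
    )
  )

# Wallet holding the server's user certificate and the root (trusted) one.
# The listener opens it without a password, so Auto Login must be enabled
# on this wallet in Oracle Wallet Manager.
WALLET_LOCATION =
  (SOURCE = (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /u01/app/oracle/wallet)))

# Same as unchecking "Require Client Authentication": only the server
# presents a certificate.
SSL_CLIENT_AUTHENTICATION = FALSE

# ---- DB server: sqlnet.ora --------------------------------------------
WALLET_LOCATION =
  (SOURCE = (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /u01/app/oracle/wallet)))
SSL_CLIENT_AUTHENTICATION = FALSE

# ---- Client: sqlnet.ora -----------------------------------------------
# Client wallet: only the root certificate, imported as trusted.
WALLET_LOCATION =
  (SOURCE = (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /home/app/wallet)))
SSL_CLIENT_AUTHENTICATION = FALSE
# Refuse the connection if the server certificate's DN is not the one
# named in SSL_SERVER_CERT_DN below.
SSL_SERVER_DN_MATCH = YES

# ---- Client: tnsnames.ora ---------------------------------------------
ORCL_SSL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = dbhost.example.com)(PORT = 2484))
    (CONNECT_DATA = (SERVICE_NAME = ORCL))
    (SECURITY = (SSL_SERVER_CERT_DN = "CN=dbhost.example.com,O=Example,C=US"))
  )
```

To test, restart the listener, connect through the `ORCL_SSL` alias and run `SELECT SYS_CONTEXT('USERENV','NETWORK_PROTOCOL') FROM dual;`, which returns `tcps` for an SSL session.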