listener with tcps

How can you use SSL to encrypt your network traffic?

Here is how I did it.

  1. Install Oracle Certification Authority 10.1.4
    You need a CA to approve a certification request.

  2. Install Oracle Database 10gR2 Enterprise Edition with Advanced Security Options

  3. Start Wallet Manager
    From the database Oracle Home, start $ORACLE_HOME/bin/owm

  4. Create a new wallet
    Define a password.

  5. Add a certificate request
    Fill in the fields or choose advanced:
    CN=yourhost,DC=yourdomain,DC=com

  6. Start OCA
    From the OCA home, run $ORACLE_HOME/oca/bin/ocactl start

  7. Open the OCA homepage
    Open your browser on
    https://yourhost.yourdomain.com:6600/oca/user
    Install the ROOTca in your browser.

  8. Request a new certificate
    Server/SubCA Certificates – Request a certificate – Paste String from OWM

  9. Approve the certificate
    Log on to the admin page,
    https://yourhost.yourdomain.com:6600/oca/admin
    define your identity, then in Certificate Management, select the certification request and approve it.

  10. Import the certificate in OWM
    Select the approved certificate, view details.
    In OWM, import user certificate, and copy and paste the BASE64 string.
    To get the CA string, download the CA certificate from
    https://yourhost.yourdomain.com:6600/oca/certDownload

  11. Save the wallet
    The certificate should show [Ready]
    Select Autologin
    Save in system default (/etc/ORACLE/WALLETS/oracle)

Ok, we are now ready to use the TCPS protocol

listener.ora
LISTENER=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)
(HOST=yourhost.yourdomain.com)(PORT=1521)))

tnsnames.ora
LSC01=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)
(HOST=yourhost.yourdomain.com)(PORT=1521))
(CONNECT_DATA=(SERVICE_NAME=LSC01)))

Start the listener
$ lsnrctl start
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)
(HOST=yourhost.yourdomain.com)(PORT=1521)))
The command completed successfully

Test it!
$ sqlplus scott/tiger@lsc01
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - 64bit Production
SQL>
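
A check to run once the files are switched over, as an added example that is not part of the original post: it parses the nested (KEY=VALUE) syntax used in listener.ora and tnsnames.ora above and reports every ADDRESS whose PROTOCOL is not TCPS. The function names and the LSC02 entry are hypothetical, and only the simple unquoted form shown in this post is handled.

```python
import re
TOKEN = re.compile(r"[()=]|[^()=\s]+")

def parse_entries(text):
    """Parse 'NAME=(KEY=VALUE)...' entries into {NAME: [(KEY, value), ...]}."""
    tokens = TOKEN.findall(re.sub(r"#.*", "", text))  # strip comments
    pos = 0
    def parse_value():
        nonlocal pos
        if tokens[pos] != "(":              # scalar such as TCPS or 1521
            pos += 1
            return tokens[pos - 1]
        items = []
        while pos < len(tokens) and tokens[pos] == "(":
            key = tokens[pos + 1].upper()
            pos += 3                        # skip "(", key, "="
            items.append((key, parse_value()))
            pos += 1                        # skip ")"
        return items
    entries = {}
    while pos < len(tokens):
        name, pos = tokens[pos].upper(), pos + 2   # skip name and "="
        entries[name] = parse_value()
    return entries

def addresses(node):
    """Yield each ADDRESS block below node as a {key: value} dict."""
    for key, value in node if isinstance(node, list) else []:
        if key == "ADDRESS" and isinstance(value, list):
            yield dict(value)
        else:
            yield from addresses(value)

def non_tcps_addresses(text):
    """Return (entry, host, port, protocol) for every address not on TCPS."""
    return [(name, a.get("HOST"), a.get("PORT"), a.get("PROTOCOL", "").upper())
            for name, tree in parse_entries(text).items() for a in addresses(tree)
            if a.get("PROTOCOL", "").upper() != "TCPS"]

# Constructed sample: the post's LSC01 entry plus a hypothetical LSC02 left on TCP.
SAMPLE = """
LSC01=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)
(HOST=yourhost.yourdomain.com)(PORT=1521))
(CONNECT_DATA=(SERVICE_NAME=LSC01)))
LSC02=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcp)
(HOST=yourhost.yourdomain.com)(PORT=1522)))(CONNECT_DATA=(SERVICE_NAME=LSC02)))
"""
if __name__ == "__main__":
    print(non_tcps_addresses(SAMPLE))
```

An empty result means every address in the file is on TCPS; an ADDRESS with no PROTOCOL key is reported with an empty protocol.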

10 thoughts on “listener with tcps”

  1. Pingback: Laurent Schneider » Blog Archive » check if using tcp or tcps

  2. Pingback: Laurent Schneider » Blog Archive » user identified externally with SSL certificate

  3. Ivan Pechorin

    It’s weird to provide SSL encryption only as part of “Advanced security” option of Enterprise Edition.

    It is the year 2007 now. SSL has been basic for a few years, not “Advanced”!

  4. Alan Nolan-Davies

    Thanks for posting this Laurent.

    It’s a very comprehensive note and has saved me a lot of time.

    Mostly because my client does not have the Advanced Security Option so we have to rule out SSL for the moment.

    Thanks,
    Alan…

  5. Pingback: OOW10: All Over « ORAganism

  6. Pingback: jdbc ssl | Laurent Schneider

  7. Sam

    Hello Mr. Schneider

    Thank you very much for such a detailed explanation. My question is about using TCPS in listener.ora in a Data Guard environment: First, is it possible to implement this in a Data Guard (one physical standby) environment in Oracle 11.2.0.4 in Suse Linux 11 SP4?

    Apart from this, can we use the listener Class of Secure Transports (COST) parameters in a Data Guard environment?

    SECURE_CONTROL_listener_name

    SECURE_REGISTER_listener_name

    SECURE_PROTOCOL_listener_name

    DYNAMIC_REGISTRATION_listener_name

    Thanks & Regards
    sam
