User's Manual

Enabling SSL
Configuring Secure Sockets Layer Authentication 7-25
(SECURITY=
(SSL_SERVER_CERT_DN="cn=finance,cn=OracleContext,c=us,o=acme"))
The client uses this information to obtain the list of DNs it expects for each of
the servers, enforcing the server's DN to match its service name. Example 7–1
shows an entry for the Finance database in the tnsnames.ora file.
Alternatively, the administrator can ensure that the common name (CN) portion
of the server's DN matches the service name.
2. Also in the client tnsnames.ora file, enter tcps as the PROTOCOL in the
ADDRESS parameter. This specifies that the client will use TCP/IP with SSL to
connect to the database that is identified in the SERVICE_NAME parameter.
Example 7–1 also shows an entry that specifies TCP/IP with SSL as the
connecting protocol in the tnsnames.ora file.
3. In the listener.ora file, enter tcps as the PROTOCOL in the ADDRESS
parameter. Example 7–2 shows an entry that specifies TCP/IP with SSL as the
protocol.
Example 7–1 Sample tnsnames.ora File with Server Certificate DN and TCP/IP with SSL Specified
finance=
  (DESCRIPTION=
    (ADDRESS_LIST=
      (ADDRESS= (PROTOCOL = tcps) (HOST = finance_server) (PORT = 1575)))
    (CONNECT_DATA=
      (SERVICE_NAME= Finance.us.acme.com))
    (SECURITY=
      (SSL_SERVER_CERT_DN="cn=finance,cn=OracleContext,c=us,o=acme")))
Example 7–2 Sample listener.ora File with TCP/IP with SSL Specified as the Protocol
LISTENER=
  (DESCRIPTION_LIST=
    (DESCRIPTION=
      (ADDRESS= (PROTOCOL = tcps) (HOST = finance_server) (PORT = 1575))))
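The following is an added example, not part of the Oracle manual: a Python check that parses a client tnsnames.ora file and reports entries that do not use tcps or that omit SSL_SERVER_CERT_DN, the two client-side settings described in the steps above. The function names, the hr and legacy entries, and the sample file as a whole are constructed for illustration.

```python
import re

# A token is a parenthesis or '=', a double-quoted string, or a bare word.
TOKEN = re.compile(r'\s*(?:([()=])|"([^"]*)"|([^()=\s"]+))')

def parse_tns(text):  # -> {alias: (KEY, value or list of child nodes)}
    toks = [m.group(m.lastindex) for m in TOKEN.finditer(re.sub(r"#.*", "", text))]
    pos, entries = 0, {}
    def node():                                   # parses one "(KEY=...)" group
        nonlocal pos
        key, value, children = toks[pos + 1].upper(), None, []
        pos += 3                                  # skip "(", KEY and "="
        while toks[pos] != ")":
            if toks[pos] == "(":
                children.append(node())
            else:
                value, pos = toks[pos], pos + 1
        pos += 1
        return key, (children or value)
    try:
        while pos < len(toks):
            alias, pos = toks[pos], pos + 2       # skip the alias and its "="
            entries[alias] = node()
    except IndexError:                            # ran off the end of the file
        raise ValueError("unbalanced parentheses in entry %r" % alias) from None
    return entries

def find(tree, key):  # yield every value stored under key, at any depth
    if tree[0] == key:
        yield tree[1]
    for child in tree[1] if isinstance(tree[1], list) else []:
        yield from find(child, key)

def audit(text):  # -> {alias: issue text, or None when both settings are present}
    report = {}
    for alias, tree in parse_tns(text).items():
        report[alias] = None
        if {str(p).lower() for p in find(tree, "PROTOCOL")} != {"tcps"}:
            report[alias] = "an address does not use tcps"
        elif not list(find(tree, "SSL_SERVER_CERT_DN")):
            report[alias] = "no SSL_SERVER_CERT_DN; server CN must match service name"
    return report

# Constructed sample: "finance" follows Example 7-1; "hr" and "legacy" are made up.
SAMPLE = '''finance=(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=finance_server)(PORT=1575))
  (CONNECT_DATA=(SERVICE_NAME=Finance.us.acme.com))(SECURITY=(SSL_SERVER_CERT_DN="cn=finance,cn=OracleContext,c=us,o=acme")))
hr=(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hr_server)(PORT=1575))(CONNECT_DATA=(SERVICE_NAME=hr.us.acme.com)))
legacy=(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=old_server)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=old.us.acme.com)))'''
print(audit(SAMPLE))
```

An entry reported for a missing SSL_SERVER_CERT_DN is not necessarily misconfigured: it depends on the alternative in which the CN portion of the server's DN matches the service name.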
Step 3: Specify Required Client SSL Configuration (Wallet Location)
Use Oracle Net Manager to specify required configuration parameters for the client
(see "Starting Oracle Net Manager" on page 2-2):