Corporation Network Router User Manual

Enabling SSL
7-24 Oracle Database Advanced Security Administrator's Guide
Step 1: Confirm Client Wallet Creation
Before proceeding with the next step, you must confirm that a wallet has been
created on the client and that the client has a valid certificate.
Step 2: Configure Oracle Net Service Name to Include Server DNs and Use TCP/IP with SSL on the Client
You must specify the server's distinguished name (DN) and TCPS as the protocol
in the client network configuration files to enable server DN matching and TCP/IP
with SSL connections. Server DN matching prevents a database server from
presenting a false identity to the client during connections: the server's global
database name is matched against the DN from the server certificate.
You must manually edit the client network configuration files, tnsnames.ora and
listener.ora, to specify the server's DN and the TCP/IP with SSL protocol. The
tnsnames.ora file can be located on the client or in the LDAP directory. If it is
located on the client, then it typically resides in the same directory as the
listener.ora file. Depending on your operating system, these files reside in the
following directory locations:
(UNIX) ORACLE_HOME/network/admin/
(Windows) ORACLE_BASE\ORACLE_HOME\network\admin\
To edit the tnsnames.ora and listener.ora files, use the following steps:
1. In the client tnsnames.ora file, add the SSL_SERVER_CERT_DN parameter
and specify the database server's DN as follows:
Note: Oracle Corporation recommends that you use Oracle Wallet
Manager to remove the trusted certificate in your Oracle wallet
associated with each certificate authority that you do not use.
See Also:
  Chapter 8, "Using Oracle Wallet Manager", for general information about wallets
  "Opening an Existing Wallet" on page 8-13, for information about opening an existing wallet
  "Creating a New Wallet" on page 8-10, for information about creating a new wallet