The full list of supported SSL_VERSION and SSL_CIPHER_SUITES values for each database version is available here:
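# Log in to the database host; the rest of this section runs there.
ssh opc@hrdb.example.com
# Oracle 19c database home and the wallet root that will hold the TLS wallet.
export ORACLE_BASE="/u01/app/oracle/19c"
export ORACLE_HOME="$ORACLE_BASE/dbhome_1"
export WALLET_ROOT="$ORACLE_BASE/wallet_root"
PATH=$ORACLE_HOME/bin:$PATH
mkdir -p "$WALLET_ROOT/tls"
# -pwd is deliberately left off every orapki call so that orapki prompts for
# the wallet password. A password passed as an argument is recorded in shell
# history and is visible in the process list. Pick a strong password at the
# prompt.
# -auto_login also writes cwallet.sso, which opens without a password, so the
# file permissions on this directory are what protect the server's private key.
orapki wallet create -wallet "$WALLET_ROOT/tls" -auto_login
# Trust the CA chain that signs the server certificate.
orapki wallet add -wallet "$WALLET_ROOT/tls" -trusted_cert -cert "$WALLET_ROOT/sf_bundle-g2-g1.crt"
# Generate a 2048-bit key and a certificate request for the server host name.
orapki wallet add -wallet "$WALLET_ROOT/tls" -keysize 2048 -dn CN=hrdb.example.com
# Export the request for the CA to sign. The DN has to be the one the request
# was created with on the previous line (the original export named a different
# CN, which does not identify any request in this wallet).
orapki wallet export -wallet "$WALLET_ROOT/tls" -dn CN=hrdb.example.com -request hrdb.csr
# Import the certificate the CA issued for that request.
orapki wallet add -wallet "$WALLET_ROOT/tls" -user_cert -cert 31e303219bbcf898.crt
# Check that the wallet now lists the trusted chain and the user certificate.
orapki wallet display -complete -wallet "$WALLET_ROOT/tls"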
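# Build a separate client wallet that carries only the trusted CA chain, so
# the server's private key never leaves the database host.
mkdir -p "$WALLET_ROOT/client_wallet/tls"
# No -pwd argument: orapki prompts for the wallet password instead of taking
# it from the command line, where it would land in history and the process list.
orapki wallet create -wallet "$WALLET_ROOT/client_wallet/tls" -auto_login
orapki wallet add -wallet "$WALLET_ROOT/client_wallet/tls" -trusted_cert -cert "$WALLET_ROOT/sf_bundle-g2-g1.crt"
# Copy the wallet files to the client host over ssh; the destination is the
# directory the client's sqlnet.ora WALLET_LOCATION points at.
rsync -Have ssh "$WALLET_ROOT/client_wallet/tls/." opc@clientdb:/u01/app/oracle/tls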
# Environment for the 19c database home on the server: base, home, instance
# name, Oracle Net configuration directory, and the home's bin on PATH.
ORACLE_BASE=/u01/app/oracle/19c
ORACLE_HOME=${ORACLE_BASE}/dbhome_1
ORACLE_SID=hrdb
TNS_ADMIN=${ORACLE_HOME}/network/admin
export ORACLE_BASE ORACLE_HOME ORACLE_SID TNS_ADMIN
PATH="${ORACLE_HOME}/bin:${PATH}"
# Server-side sqlnet.ora, displayed from the database home.
cat $ORACLE_HOME/network/admin/sqlnet.ora
# TCPS is listed as an authentication service next to NTS and BEQ.
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
# FALSE: the server does not ask the client for a certificate (one-way TLS).
# Only the server proves its identity with a certificate; clients still
# authenticate with database credentials.
SSL_CLIENT_AUTHENTICATION = FALSE
# The protocol version and cipher suite are pinned to a single value each, so
# the client side must be configured with a matching version and suite.
SSL_VERSION = 1.2
SSL_CIPHER_SUITES = (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
# Server-side listener.ora, displayed from the database home.
cat $ORACLE_HOME/network/admin/listener.ora
# FALSE: the listener does not request a client certificate on TCPS connections.
SSL_CLIENT_AUTHENTICATION = FALSE
# The listener exposes three endpoints: TCP on 1521, a local IPC key, and TCPS
# on 2484. The SECURITY clause points the TCPS endpoint at the server wallet
# directory under wallet_root/tls.
# NOTE(review): the TCP 1521 endpoint stays in place, so clients that use a
# non-TCPS alias still connect without TLS. If TLS-only access is the goal,
# this address and its firewall opening would have to be removed.
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = hrdb.example.com)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCPS)(HOST = hrdb.example.com)(PORT = 2484))
(SECURITY=(WALLET_LOCATION=/u01/app/oracle/19c/wallet_root/tls))
)
)
ADR_BASE_LISTENER = /u01/app/oracle/19c
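# Point the database at the wallet root (the TLS wallet sits in its tls
# subdirectory). The parameter is written with scope=spfile, so the instance
# is shut down here and started again below for it to take effect.
sqlplus / as sysdba
SQL> alter system set wallet_root='/u01/app/oracle/19c/wallet_root' scope=spfile;
SQL> shutdown immediate;
SQL> quit;
# Restart the listener so it re-reads listener.ora with the TCPS endpoint.
# The second command must be "start": the original ran "stop" twice, which
# leaves no listener running for the instance to register with.
lsnrctl stop
lsnrctl start
# Start the instance, open the pluggable databases, and register the services
# with the restarted listener.
sqlplus / as sysdba
SQL> startup;
SQL> alter pluggable database all open;
SQL> alter system register;
SQL> quit;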
# Open the two listener ports in the public zone, persistently, then reload
# the firewall and print the resulting rules for review.
# 2484/tcp is the TCPS endpoint; 1521/tcp is the listener's unencrypted TCP
# endpoint. NOTE(review): opening 1521 keeps the non-TLS path reachable from
# the public zone; confirm that is intended.
for port in 1521 2484; do
  sudo firewall-cmd --permanent --zone=public --add-port="${port}/tcp"
done
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
# Environment for the 19c client home: base, home, library path, and the
# client's bin directory at the front of PATH.
ORACLE_BASE=/u01/app/oracle/19c
ORACLE_HOME=${ORACLE_BASE}/client
LD_LIBRARY_PATH=${ORACLE_HOME}/lib
export ORACLE_BASE ORACLE_HOME LD_LIBRARY_PATH
PATH="${ORACLE_HOME}/bin:${PATH}"
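# Create the client home and unpack the client image into it.
# The steps are chained with && because unzip -o overwrites existing files
# without asking; if mkdir or cd fails, nothing is extracted into whatever
# directory the shell happens to be in.
# Before unpacking, compare the archive's checksum with the value published
# for the download.
mkdir -p "$ORACLE_HOME" &&
  cd "$ORACLE_HOME" &&
  unzip -qo /u01/bits/V982065-01.zip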
# Client-side tnsnames.ora (19c client home). Each service has two aliases:
# a plain TCP one on port 1521 and a TCPS one on port 2484.
cat $ORACLE_HOME/network/admin/tnsnames.ora
# Container database over unencrypted TCP.
HRDB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = hrdb.example.com)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = hrdb)
)
)
# Container database over TCPS.
# NOTE(review): WALLET_LOCATION=SYSTEM presumably selects the operating
# system's default certificate store instead of a wallet directory, while this
# client's sqlnet.ora names the directory /u01/app/oracle/tls. Confirm which
# trust store this client release actually uses.
HRDB_SSL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = hrdb.example.com)(PORT = 2484))
(SECURITY=(WALLET_LOCATION=SYSTEM))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = hrdb)
)
)
# Pluggable database pdb1 over unencrypted TCP.
pdb1 =
(DESCRIPTION=
(ADDRESS=(PROTOCOL=TCP)(HOST=hrdb.example.com)(PORT=1521))
(CONNECT_DATA=
(SERVER = DEDICATED)
(SERVICE_NAME=pdb1)
)
)
# Pluggable database pdb1 over TCPS, same SECURITY setting as HRDB_SSL.
pdb1_ssl =
(DESCRIPTION=
(ADDRESS=(PROTOCOL=TCPS)(HOST=hrdb.example.com)(PORT=2484))
(SECURITY=(WALLET_LOCATION=SYSTEM))
(CONNECT_DATA=
(SERVER=dedicated)
(SERVICE_NAME=pdb1)
)
)
# Client-side sqlnet.ora (19c client home).
cat $ORACLE_HOME/network/admin/sqlnet.ora
# File-based wallet in /u01/app/oracle/tls, the directory the client wallet
# was copied to with rsync.
WALLET_LOCATION=
(SOURCE=
(METHOD=file)
(METHOD_DATA=
(DIRECTORY=/u01/app/oracle/tls)
)
)
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
# FALSE: the client presents no certificate of its own (one-way TLS).
# NOTE(review): SSL_SERVER_DN_MATCH is not set in this file. Without
# server-DN matching the client accepts any certificate that chains to a
# trusted CA, whether or not it names hrdb.example.com. Consider enabling it
# after checking this release's default.
SSL_CLIENT_AUTHENTICATION = FALSE
# Version and cipher suite match the values pinned in the server's sqlnet.ora.
SSL_VERSION = 1.2
SSL_CIPHER_SUITES=(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
# Re-establish the 19c client environment before running the connection tests.
ORACLE_BASE=/u01/app/oracle/19c
ORACLE_HOME=${ORACLE_BASE}/client
LD_LIBRARY_PATH=${ORACLE_HOME}/lib
export ORACLE_BASE ORACLE_HOME LD_LIBRARY_PATH
PATH="${ORACLE_HOME}/bin:${PATH}"
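# Connect through each TCPS alias. The password is left off the command line
# so sqlplus prompts for it; given inline it would be stored in shell history
# and shown in the process list.
# Once connected, SELECT sys_context('USERENV','NETWORK_PROTOCOL') FROM dual;
# should report tcps when the session really runs over TLS.
sqlplus system@hrdb_ssl
sqlplus system@pdb1_ssl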
# Environment for the 23ai client home: base, home, library path, and the
# client's bin directory at the front of PATH.
ORACLE_BASE=/u01/app/oracle/23ai
ORACLE_HOME=${ORACLE_BASE}/client
LD_LIBRARY_PATH=${ORACLE_HOME}/lib
export ORACLE_BASE ORACLE_HOME LD_LIBRARY_PATH
PATH="${ORACLE_HOME}/bin:${PATH}"
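# Create the 23ai client home and unpack the client image into it.
# Chained with && because unzip -o overwrites existing files without asking;
# a failed mkdir or cd must not lead to extraction in the wrong directory.
# Before unpacking, compare the archive's checksum with the value published
# for the download.
mkdir -p "$ORACLE_HOME" &&
  cd "$ORACLE_HOME" &&
  unzip -qo /u01/bits/V1044258-01.zip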
# Client-side tnsnames.ora (23ai client home). Each service has two aliases:
# a plain TCP one on port 1521 and a TCPS one on port 2484.
cat $ORACLE_HOME/network/admin/tnsnames.ora
# Container database over unencrypted TCP.
HRDB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = hrdb.example.com)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = hrdb)
)
)
# Container database over TCPS.
# NOTE(review): WALLET_LOCATION=SYSTEM presumably makes the client take its
# trusted CAs from the operating system's default certificate store. Confirm
# that the CA that signed the server certificate is present there.
HRDB_SSL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = hrdb.example.com)(PORT = 2484))
(SECURITY=(WALLET_LOCATION=SYSTEM))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = hrdb)
)
)
# Pluggable database pdb1 over unencrypted TCP.
pdb1 =
(DESCRIPTION=
(ADDRESS=(PROTOCOL=TCP)(HOST=hrdb.example.com)(PORT=1521))
(CONNECT_DATA=
(SERVER = DEDICATED)
(SERVICE_NAME=pdb1)
)
)
# Pluggable database pdb1 over TCPS, same SECURITY setting as HRDB_SSL.
pdb1_ssl =
(DESCRIPTION=
(ADDRESS=(PROTOCOL=TCPS)(HOST=hrdb.example.com)(PORT=2484))
(SECURITY=(WALLET_LOCATION=SYSTEM))
(CONNECT_DATA=
(SERVER=dedicated)
(SERVICE_NAME=pdb1)
)
)
# Client-side sqlnet.ora (23ai client home). Unlike the 19c client file, it
# has no WALLET_LOCATION entry; the TCPS aliases in tnsnames.ora carry
# WALLET_LOCATION=SYSTEM instead.
cat $ORACLE_HOME/network/admin/sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
# FALSE: the client presents no certificate of its own (one-way TLS).
# NOTE(review): SSL_SERVER_DN_MATCH is not set here; check this release's
# default so the client is known to verify that the server certificate names
# the host it connects to.
SSL_CLIENT_AUTHENTICATION = FALSE
# Version and cipher suite match the values pinned in the server's sqlnet.ora.
SSL_VERSION = 1.2
SSL_CIPHER_SUITES = (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
# Re-establish the 23ai client environment before running the connection tests.
ORACLE_BASE=/u01/app/oracle/23ai
ORACLE_HOME=${ORACLE_BASE}/client
LD_LIBRARY_PATH=${ORACLE_HOME}/lib
export ORACLE_BASE ORACLE_HOME LD_LIBRARY_PATH
PATH="${ORACLE_HOME}/bin:${PATH}"
7.2 Test the connection to the container database (CDB) through hrdb_ssl
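# Connect through each TCPS alias from the 23ai client. The password is left
# off the command line so sqlplus prompts for it; given inline it would be
# stored in shell history and shown in the process list.
# Once connected, SELECT sys_context('USERENV','NETWORK_PROTOCOL') FROM dual;
# should report tcps when the session really runs over TLS.
sqlplus system@hrdb_ssl
sqlplus system@pdb1_ssl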