The full list of supported SSL_VERSION and SSL_CIPHER_SUITES values per database version is available here:
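export ORACLE_BASE="/u01/app/oracle/19c"
export ORACLE_HOME="$ORACLE_BASE/dbhome_1"
export WALLET_ROOT="$ORACLE_BASE/wallet_root"
PATH="$ORACLE_HOME/bin:$PATH"

# Password shared by the three wallets built below. The walkthrough's value
# is kept as the default so the steps still run unchanged; set WALLET_PWD in
# the environment to use another one instead of editing this file. orapki
# only accepts the password as a command-line argument (-pwd), so it is
# visible in `ps` output while each command runs and is kept in shell
# history afterwards.
wallet_pwd="${WALLET_PWD:-Oracle123}"

# Stop at the first failed step: a later orapki call would otherwise try to
# import a certificate or CSR that was never written.
die() { printf '%s\n' "$*" >&2; exit 1; }

# 1. Root CA wallet: self-signed CA key pair (RSA 2048, SHA-256, 3500 days),
#    its certificate exported to root_wallet.crt for the other wallets.
#    -auto_login additionally writes cwallet.sso, which opens without the
#    password, so the directory must stay readable only by the owning OS user.
rootca="$WALLET_ROOT/rootca_wallet"
mkdir -p -- "$rootca/tls" || die "cannot create $rootca/tls"
orapki wallet create -wallet "$rootca/tls" -pwd "$wallet_pwd" -auto_login \
  || die "root CA wallet create failed"
orapki wallet add -wallet "$rootca/tls" -pwd "$wallet_pwd" -dn CN=root_ca \
  -keysize 2048 -sign_alg sha256 -self_signed -validity 3500 \
  || die "root CA self-signed certificate failed"
orapki wallet export -wallet "$rootca/tls" -pwd "$wallet_pwd" -dn CN=root_ca \
  -cert "$rootca/root_wallet.crt" || die "root CA certificate export failed"

# 2. Database (hrdb) wallet: trust the root CA, generate the server key pair,
#    export its CSR, have the CA sign it, then import the signed certificate.
hrdb="$WALLET_ROOT/hrdb_wallet"
mkdir -p -- "$hrdb/tls" || die "cannot create $hrdb/tls"
orapki wallet create -wallet "$hrdb/tls" -pwd "$wallet_pwd" -auto_login \
  || die "hrdb wallet create failed"
orapki wallet add -wallet "$hrdb/tls" -pwd "$wallet_pwd" -trusted_cert \
  -cert "$rootca/root_wallet.crt" || die "hrdb: import of root CA failed"
orapki wallet add -wallet "$hrdb/tls" -pwd "$wallet_pwd" -keysize 2048 \
  -dn CN=db_19c_hr || die "hrdb key pair generation failed"
orapki wallet export -wallet "$hrdb/tls" -pwd "$wallet_pwd" -dn CN=db_19c_hr \
  -request "$hrdb/db_19c_hr.csr" || die "hrdb CSR export failed"
orapki cert create -wallet "$rootca/tls" -pwd "$wallet_pwd" \
  -request "$hrdb/db_19c_hr.csr" -cert "$hrdb/db_19c_hr.crt" \
  -validity 3500 -sign_alg sha256 || die "CA signing of hrdb CSR failed"
orapki wallet add -wallet "$hrdb/tls" -pwd "$wallet_pwd" -user_cert \
  -cert "$hrdb/db_19c_hr.crt" || die "hrdb: import of signed certificate failed"

# 3. Client wallet: trust anchor only (the root CA certificate), no key material.
client="$WALLET_ROOT/client_wallet"
mkdir -p -- "$client/tls" || die "cannot create $client/tls"
orapki wallet create -wallet "$client/tls" -pwd "$wallet_pwd" -auto_login \
  || die "client wallet create failed"
orapki wallet add -wallet "$client/tls" -pwd "$wallet_pwd" -trusted_cert \
  -cert "$rootca/root_wallet.crt" || die "client: import of root CA failed"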
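# Run where the wallets were built (re-exported in case this is a fresh
# shell). Ship the hrdb server wallet to the database host over ssh. This
# carries the server's private key: ewallet.p12 (password-protected) and
# cwallet.sso (auto-login copy, protected only by file permissions).
export ORACLE_BASE="/u01/app/oracle/19c"
export WALLET_ROOT="$ORACLE_BASE/wallet_root"
rsync -Have ssh "$WALLET_ROOT/hrdb_wallet/tls/." "opc@hrdb:$WALLET_ROOT/tls" \
  || exit 1
# The database-side steps that follow are run interactively on hrdb.
ssh opc@hrdb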
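# On the database host (hrdb): environment for the 19c home and the hrdb
# instance, then list each container's GUID. The per-PDB wallet directories
# populated in the loop that follows are named by that GUID.
export ORACLE_BASE="/u01/app/oracle/19c"
export ORACLE_HOME="$ORACLE_BASE/dbhome_1"
export WALLET_ROOT="$ORACLE_BASE/wallet_root"
export TNS_ADMIN="$ORACLE_HOME/network/admin"
export ORACLE_SID="hrdb"
PATH="$ORACLE_HOME/bin:$PATH"
# Quoted heredoc delimiter: v$containers must reach SQL*Plus literally; an
# unquoted delimiter would expand $containers as an (empty) shell variable.
"$ORACLE_HOME/bin/sqlplus" / as sysdba <<'EOF'
select name,guid from v$containers;
EOF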
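# Populate each per-PDB wallet directory (<WALLET_ROOT>/<PDB GUID>/tls) with
# a copy of the wallet uploaded to <WALLET_ROOT>/tls. The GUID comes from
# `select name,guid from v$containers`; the value below is the one from this
# walkthrough and has to be replaced per environment. Both files are copied:
# ewallet.p12 (password-protected) and cwallet.sso (auto-login).
# Refuse to run with WALLET_ROOT unset, which would otherwise create
# /<GUID>/tls at the filesystem root.
: "${WALLET_ROOT:?WALLET_ROOT must be set}"
for pdbguid in 262D482FB47D7B8BE0638400000A1737; do
  pdb_tls="$WALLET_ROOT/$pdbguid/tls"
  mkdir -p -- "$pdb_tls" || exit 1
  cp -- "$WALLET_ROOT/tls/ewallet.p12" "$WALLET_ROOT/tls/cwallet.sso" "$pdb_tls" || exit 1
done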
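# Run on the host holding rootca_wallet: only the CA's public certificate is
# sent to the client machine; verifying the server needs no private key.
rsync -Have ssh "$WALLET_ROOT/rootca_wallet/root_wallet.crt" opc@clientdb:/u01/app/oracle/root_wallet.crt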
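# Database host (hrdb) session: 19c home and the hrdb instance, then show
# the server-side sqlnet.ora (its contents follow).
export ORACLE_BASE="/u01/app/oracle/19c"
export ORACLE_HOME="$ORACLE_BASE/dbhome_1"
export ORACLE_SID="hrdb"
export TNS_ADMIN="$ORACLE_HOME/network/admin"
PATH="$ORACLE_HOME/bin:$PATH"
cat -- "$TNS_ADMIN/sqlnet.ora"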
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 1.2
SSL_CIPHER_SUITES = (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
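# Listener config (contents follow): cleartext TCP on 1521 plus TCPS on 2484
# backed by the wallet directory as WALLET_LOCATION. SSL_CLIENT_AUTHENTICATION
# = FALSE means the listener does not request a client certificate (one-way
# TLS: clients authenticate the server only).
cat -- "$ORACLE_HOME/network/admin/listener.ora"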
SSL_CLIENT_AUTHENTICATION = FALSE
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = hrdb.example.com)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCPS)(HOST = hrdb.example.com)(PORT = 2484))
(SECURITY=(WALLET_LOCATION=/u01/app/oracle/19c/wallet_root/tls))
)
)
ADR_BASE_LISTENER = /u01/app/oracle/19c
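# Point the instance at WALLET_ROOT (spfile scope only, so a restart is
# needed) and shut it down so the new setting and listener.ora take effect.
# Quoted delimiter: nothing in the SQL should be shell-expanded.
sqlplus / as sysdba <<'EOF'
alter system set wallet_root='/u01/app/oracle/19c/wallet_root' scope=spfile;
shutdown immediate;
EOF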
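# Restart the listener so the edited listener.ora (TCPS endpoint on 2484
# with the wallet location) is loaded. Stop then start: issuing `stop`
# twice would leave no listener running for the `alter system register`
# that follows.
lsnrctl stop
lsnrctl start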
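# Bring the instance back up with the new wallet_root, open every PDB and
# re-register the services with the restarted listener.
sqlplus / as sysdba <<'EOF'
startup;
alter pluggable database all open;
alter system register;
EOF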
# Open both listener ports in firewalld's public zone and verify. 1521 is
# the cleartext TCP endpoint and 2484 the TCPS one; if TLS-only access is
# the goal, leave 1521 closed (or limit it to trusted sources) instead of
# exposing both.
sudo firewall-cmd --permanent --zone=public --add-port=1521/tcp --add-port=2484/tcp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
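# Client machine: unpack the 23ai client into its own home and show its
# tnsnames.ora (contents follow). `cd` is guarded so a missing or
# unwritable home cannot make unzip spill the archive into whatever the
# current directory happens to be.
export ORACLE_BASE="/u01/app/oracle/23ai"
export ORACLE_HOME="$ORACLE_BASE/client"
PATH="$ORACLE_HOME/bin:$PATH"
mkdir -p -- "$ORACLE_HOME" || exit 1
cd -- "$ORACLE_HOME" || exit 1
# Confirm the archive's checksum against the value published for the
# download before extracting it into a home that will be on PATH.
unzip -qo /u01/bits/V982065-01.zip || exit 1
cat -- "$ORACLE_HOME/network/admin/tnsnames.ora"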
HRDB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = hrdb.example.com)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = hrdb)
)
)
HRDB_SSL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = hrdb.example.com)(PORT = 2484))
(SECURITY=(WALLET_LOCATION=SYSTEM))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = hrdb)
)
)
pdb1 =
(DESCRIPTION=
(ADDRESS=(PROTOCOL=TCP)(HOST=hrdb.example.com)(PORT=1521))
(CONNECT_DATA=
(SERVER = DEDICATED)
(SERVICE_NAME=pdb1)
)
)
pdb1_ssl =
(DESCRIPTION=
(ADDRESS=(PROTOCOL=TCPS)(HOST=hrdb.example.com)(PORT=2484))
(SECURITY=(WALLET_LOCATION=SYSTEM))
(CONNECT_DATA=
(SERVER=dedicated)
(SERVICE_NAME=pdb1)
)
)
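# Client-side sqlnet.ora (contents follow): a file-based WALLET_LOCATION
# plus the same TLS version / cipher suite pinning as the server. The
# *_ssl aliases in tnsnames.ora carry WALLET_LOCATION=SYSTEM in their own
# SECURITY section, which presumably takes precedence for those aliases.
cat -- "$ORACLE_HOME/network/admin/sqlnet.ora"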
WALLET_LOCATION=
(SOURCE=
(METHOD=file)
(METHOD_DATA=
(DIRECTORY=/u01/app/oracle/tls)
)
)
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 1.2
SSL_CIPHER_SUITES=(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
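# Add the lab root CA to the OS trust bundle that the WALLET_LOCATION=SYSTEM
# aliases rely on. Only the public certificate is installed (no key
# material), and the staged copy is removed once appended — `&&` makes sure
# it is only deleted after a successful append. Appending straight to
# cert.pem is fragile: on RHEL-family systems the bundle is regenerated by
# update-ca-trust, so an OS update can drop this entry; placing the cert in
# the ca-trust anchors directory and running update-ca-trust is more durable.
sudo tee -a /etc/pki/tls/cert.pem < /u01/app/oracle/root_wallet.crt > /dev/null \
  && rm -- /u01/app/oracle/root_wallet.crt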
# Connection test over the TCPS aliases (CDB service hrdb, then PDB pdb1).
# NOTE(review): ORACLE_HOME here is the 19c dbhome_1 path, whereas the client
# above was unpacked into /u01/app/oracle/23ai/client — confirm which home's
# network/admin files these aliases are resolved against.
ORACLE_BASE="/u01/app/oracle/19c";     export ORACLE_BASE
ORACLE_HOME="${ORACLE_BASE}/dbhome_1"; export ORACLE_HOME
LD_LIBRARY_PATH="${ORACLE_HOME}/lib";  export LD_LIBRARY_PATH
PATH="${ORACLE_HOME}/bin:${PATH}"
# The user/password@alias form places the password in argv (visible via
# `ps`) and in shell history; outside a lab, omit the password and let
# SQL*Plus prompt for it.
for tns_alias in hrdb_ssl pdb1_ssl; do
  sqlplus "system/Oracle123@${tns_alias}"
done
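# Second client: unpack the 23ai client archive into its own home and show
# its tnsnames.ora (contents follow). `cd` is guarded so a missing or
# unwritable home cannot make unzip extract into the current directory.
export ORACLE_BASE="/u01/app/oracle/23ai"
export ORACLE_HOME="$ORACLE_BASE/client"
PATH="$ORACLE_HOME/bin:$PATH"
mkdir -p -- "$ORACLE_HOME" || exit 1
cd -- "$ORACLE_HOME" || exit 1
# Confirm the archive's checksum against the value published for the
# download before extracting it into a home that will be on PATH.
unzip -qo /u01/bits/V1044258-01.zip || exit 1
cat -- "$ORACLE_HOME/network/admin/tnsnames.ora"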
HRDB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = hrdb.example.com)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = hrdb)
)
)
HRDB_SSL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = hrdb.example.com)(PORT = 2484))
(SECURITY=(WALLET_LOCATION=SYSTEM))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = hrdb)
)
)
pdb1 =
(DESCRIPTION=
(ADDRESS=(PROTOCOL=TCP)(HOST=hrdb.example.com)(PORT=1521))
(CONNECT_DATA=
(SERVER = DEDICATED)
(SERVICE_NAME=pdb1)
)
)
pdb1_ssl =
(DESCRIPTION=
(ADDRESS=(PROTOCOL=TCPS)(HOST=hrdb.example.com)(PORT=2484))
(SECURITY=(WALLET_LOCATION=SYSTEM))
(CONNECT_DATA=
(SERVER=dedicated)
(SERVICE_NAME=pdb1)
)
)
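# Client-side sqlnet.ora (contents follow): TLS version / cipher suite
# pinning only — the *_ssl aliases supply WALLET_LOCATION=SYSTEM themselves,
# so the OS trust bundle is what verifies the server certificate.
cat -- "$ORACLE_HOME/network/admin/sqlnet.ora"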
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 1.2
SSL_CIPHER_SUITES = (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
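# Add the lab root CA to the OS trust bundle used by the WALLET_LOCATION=SYSTEM
# aliases; only the public certificate is installed. `&&` makes sure the
# staged copy is deleted only after a successful append. Appending straight
# to cert.pem is fragile: on RHEL-family systems update-ca-trust regenerates
# the bundle, so an OS update can drop this entry; the ca-trust anchors
# directory plus update-ca-trust is the durable way to add a local CA.
sudo tee -a /etc/pki/tls/cert.pem < /u01/app/oracle/root_wallet.crt > /dev/null \
  && rm -- /u01/app/oracle/root_wallet.crt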
# Environment for the second connection test. NOTE(review): ORACLE_HOME is
# set to ${ORACLE_BASE}/dbhome_1 here, whereas the 23ai client was unpacked
# into ${ORACLE_BASE}/client — confirm which home holds the tnsnames.ora
# and sqlnet.ora these aliases are meant to use.
ORACLE_BASE="/u01/app/oracle/23ai";    export ORACLE_BASE
ORACLE_HOME="${ORACLE_BASE}/dbhome_1"; export ORACLE_HOME
LD_LIBRARY_PATH="${ORACLE_HOME}/lib";  export LD_LIBRARY_PATH
PATH="${ORACLE_HOME}/bin:${PATH}"
8.2 Test the connection to the container database (CDB) through hrdb_ssl
# Exercise both TCPS aliases in turn (CDB service hrdb, then PDB pdb1).
# The user/password@alias form places the password in argv (visible via
# `ps`) and in shell history; outside a lab, omit the password and let
# SQL*Plus prompt for it.
for tns_alias in hrdb_ssl pdb1_ssl; do
  sqlplus "system/Oracle123@${tns_alias}"
done