Oracle配置tcps加密协议
2024-08-27 15:56:09
1、Oracle用户下操作,创建证书
mkdir /home/oracle/wallet
orapki wallet create -wallet "/home/oracle/wallet" -pwd WalletPasswd123 -auto_login_local
创建一个自签名证书并将其加载到
$ orapki wallet add -wallet "/home/oracle/wallet" -pwd WalletPasswd123 -dn "CN=`hostname`" -keysize 1024 -self_signed -validity 3650
检查wallet的内容,需要注意的是自签名证书既是用户也是可信证书
$ orapki wallet display -wallet "/home/oracle/wallet" -pwd WalletPasswd123
导出证书,以便稍后将其加载到客户的wallet中
$ orapki wallet export -wallet "/home/oracle/wallet" -pwd WalletPasswd123 -dn "CN=`hostname`" -cert /tmp/`hostname`-certificate.crt
检查证书是否已按预期导出
$ cat /tmp/`hostname`-certificate.crt
2、监听配置
1、在服务器上,将以下内容添加到“$ORACLE_HOME/network/admin/sqlnet.ora”文件中
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT) WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /home/oracle/wallet)
)
)
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
#SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CLIENT_AUTHENTICATION = TRUE
DIAG_ADR_ENABLED = OFF
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)
ADR_BASE = /opt/app/oracle
2、将监听配置为接受SSL/TLS加密连接。编辑“$ORACLE_HOME/network/admin/listener.ora”文件,添加wallet信息以及TCPS内容 SSL_CLIENT_AUTHENTICATION = FALSE WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /home/oracle/wallet)
)
) LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.132.13)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCPS)(HOST = 192.168.132.13)(PORT = 2484))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC2484))
)
)
DIAG_ADR_ENABLED_LISTENER = OFF
ADR_BASE_LISTENER = /opt/app/oracle
TRACE_LEVEL_LISTENER=user [oracle@db2 ~]$ cat /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora
ORA11N =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST =192.168.132.13)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = orcl11g.us.oracle.com)
(SID = icdc)
)
) TCPS1 =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = 192.168.132.13)(PORT = 2484))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = orcl11g.us.oracle.com)
(SID = icdc)
)
) 重启监听 $ lsnrctl stop
$ lsnrctl start ```好像是 lsnrctl reload 也可以的,不用stop再start```
3、数据库本地测试
1、tcps登录测试
[oracle@db2 ~]$ sqlplus bjxq/bjxqww2sq2z@TCPS1
2、日志监控
[oracle@db2 ~]$ tail -f /opt/app/oracle/product/11.2.0/dbhome_1/network/log/listener.log
4、总结
Oracle配置tcps加密连接已经配置成功,至于业务连接需要开发配合,需要将crt文件转换为jks证书等等,不说了……
最新文章
- android shape的使用(转)
- 在MFC中,使用控制台Console输出调试信息
- OpenGL2.0及以上版本中glm,glut,glew,glfw,mesa等部件的关系
- 使用Windows安装的最高版本IE内核加载内嵌页(转载)
- Asp.net 解析json
- NeHe OpenGL教程 第二十九课:Blt函数
- URAL 1152. False Mirrors (记忆化搜索 状压DP)
- 一、Android NDK编程预备之Java jni简介
- 【原创教程】鲸吞HTML
- Cracking the Coding Interview 第一章
- Android线程之异步消息处理机制(三)——AsyncTask
- github 之 下载历史版本
- 老司机实战Windows Server Docker:1 初体验之各种填坑
- 跟着刚哥梳理java知识点——数组(七)
- 防止微信浏览器video标签全屏的问题
- LAV Filter 源代码分析 3: LAV Video (1)
- Retrofit2.0 设置 连接超时
- Jmeter固定定时器(Constant Timer)
- asp.net mvc自动压缩文件,并生成CDN引用
- ASP.NET MVC验证码演示(Ver2)