Hello,
--from my laptop (client side) I can connect to database (through TCPS, TLS1.2) without problem
C:\User\tom>sqlplus scott/tiger@TLS74_TLS
SQL*Plus: Release 12.1.0.2.0 Production on Thu Jul 7 16:30:00 2016
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Last Successful login time: Thu Jul 07 2016 12:44:39 -05:00
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL> exit
--now, this is my two certificates in my laptop (client) side wallet
C:\Users\tom>orapki wallet display -wallet "C:\app\oracle\wallet" -pwd Welcome2
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
User Certificates:
Trusted Certificates:
Subject: CN=hello.world.com
Subject: CN=myteam
---I want to remove CN=myteam
C:\Users\tom>orapki wallet remove -dn CN=myteam -trusted_cert -wallet "C:\app\oracle\wallet" -pwd Welcome2
--check
C:\Users\tom>orapki wallet display -wallet "C:\app\oracle\wallet" -pwd Welcome2
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
User Certificates:
Trusted Certificates:
Subject: CN=hello.world.com
--go to server side
--check
orapki wallet display -wallet "E:\app\oracle\owm\wallets" -pwd Welcome1
E:\app\oracle\product\12.1.0\dbhome_1\ldap\admin>orapki wallet display -wallet "E:\app\oracle\owm\wallets" -pwd Welcome1
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
User Certificates:
Subject: CN=myteam
Subject: CN=hello.world.com
Trusted Certificates:
Subject: CN=myteam
Subject: CN=hello.world.com
--remove CN=myteam
---remove user certificate first
E:\app\oracle\product\12.1.0\dbhome_1\ldap\admin>orapki wallet remove -dn CN=myteam -user_cert -wallet "E:\app\oracle\owm\wallets" -pwd Welcome1
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
--then remove trust certificate
E:\app\oracle\product\12.1.0\dbhome_1\ldap\admin>orapki wallet remove -dn CN=myteam -trusted_cert -wallet "E:\app\oracle\owm\wallets" -pwd Welcome1
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
--check
E:\app\oracle\product\12.1.0\dbhome_1\ldap\admin>orapki wallet display -wallet "E:\app\oracle\owm\wallets" -pwd Welcome1
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
Subject: CN=myteam
User Certificates:
Subject: CN=hello.world.com
Trusted Certificates:
Subject: CN=hello.world.com
--test connection from client side,
C:\Users\tom>sqlplus scott/tiger@TLS74_TLS
SQL*Plus: Release 12.1.0.2.0 Production on Tue Jul 5 15:09:33 2016
Copyright (c) 1982, 2014, Oracle. All rights reserved.
ERROR:
ORA-29024: Certificate validation failure
Questions here:
1. why failed like this (ORA-29024: Certificate validation failure) ?
2. In the server side, after removing, we still can see
Requested Certificates
what is that used for?
The purpose here is to remove CN=myteam, and still can connect database without problem like before, anyone know how?
Thank you very much!