Listener TCPS Oracle Database SSL
953748Aug 3 2012 — edited Aug 7 2012Hello,
I would like to switch my listener from tcp to tcps.
But we don't know how to do this, my configuration,
SERVER:
From server "*listener.ora*":
-----
SID_LIST_LISTENER =*
+(SID_LIST =+
+(SID_DESC =+
+(SID_NAME = PLSExtProc)+
+(ORACLE_HOME = /opt/u01/app/oracle/product/10.2.0)+
+(PROGRAM = extproc)+
+)+
+)+
SSL_CLIENT_AUTHENTICATION = FALSE*
WALLET_LOCATION =*
+(SOURCE =+
+(METHOD = FILE)+
+(METHOD_DATA =+
+(DIRECTORY = /etc/ORACLE/WALLETS/oracle)+
+)+
+)+
LISTENER =*
+(DESCRIPTION_LIST =+
+(DESCRIPTION =+
+(ADDRESS = (PROTOCOL = TCP)(HOST = tibcoone)(PORT = 1521))+
+)+
+)+
TRACE_LEVEL_LISTENER = ADMIN*
-----
From server "*sqlnet.ora*":
-----
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS)*
SSL_VERSION = 0*
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)*
SSL_CLIENT_AUTHENTICATION = FALSE*
TRACE_LEVEL_SERVER = ADMIN*
WALLET_LOCATION =*
+(SOURCE =+
+(METHOD = FILE)+
+(METHOD_DATA =+
+(DIRECTORY = /etc/ORACLE/WALLETS/oracle)+
+)+
+)+
SQLNET.WALLET_OVERRIDE = TRUE*
-----
From server "*tnsnames.ora*":
-----
TIB =*
+(DESCRIPTION =+
+(ADDRESS_LIST =+
+(ADDRESS = (PROTOCOL = TCP)(HOST = tibcoone)(PORT = 1521))+
+)+
+(CONNECT_DATA =+
+(SERVICE_NAME = TIB)+
+)+
+)+
WALLET_LOCATION =*
+(SOURCE =+
+(METHOD = FILE)+
+(METHOD_DATA =+
+(DIRECTORY = /etc/ORACLE/WALLETS/oracle)+
+)+
+)+
EXTPROC_CONNECTION_DATA =*
+(DESCRIPTION =+
+(ADDRESS_LIST =+
+(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))+
+)+
+(CONNECT_DATA =+
+(SID = PLSExtProc)+
+(PRESENTATION = RO)+
+)+
+)+
-----
Version database server is:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit
Two files in the path from Wallet:
/etc/ORACLE/WALLETS/oracle/ewallet.p12
/etc/ORACLE/WALLETS/oracle/cwallet.sso
Server SQL> select parameter, value from v$option where upper(parameter) like '%SECURITY%';
Enterprise User Security TRUE
Oracle Label Security FALSE
CLIENT:
From client "*sqlnet.ora*":
-----
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS)*
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)*
SSL_CLIENT_AUTHENTICATION = FALSE*
WALLET_LOCATION =*
+(SOURCE =+
+(METHOD = File)+
+(METHOD_DATA =+
+(DIRECTORY = "C:\Documents and Settings\user\ORACLE\WALLETS"))+
+)+
SSL_SERVER_DN_MATCH = OFF*
-----
From client "*tnsnames.ora*":
-----
TIB_CLIENT =*
+(DESCRIPTION =+
+(ADDRESS_LIST =+
+(ADDRESS = (PROTOCOL = TCPS)(HOST = tibcoone)(PORT = 1521))+
+)+
+(CONNECT_DATA =+
+(SERVICE_NAME = TIB)+
+)+
+(SECURITY =+
+(SSL_SERVER_CERT_DN = "cn=US,cn=CertForOracle,c=US,o=Company"))+
+)+
-----
My problem:
server$ lsnrctl start
...
Instance "TIB", status READY, has 1 handler(s) for this service...
...
client@ sqlplus system/pass@TIB_CLIENT
...
ERROR:
ora-28864 ssl connection closed gracefully
server$ less /opt/u01/app/oracle/product/10.2.0/network/log/listener.log
TNS-12502: TNS:listener received no CONNECT_DATA from client
I cannot connect my client into server database. I get error on client "ora-28864 ssl connection closed gracefully". I get error on server "TNS-12502: TNS:listener received no CONNECT_DATA from client"
Thanks in advance..