Hi friends,
I am currently trying to configure one-way TLS as per this video. I am running Oracle 21c (with the pre-install test DB) on RHEL 8. I have also tried running Oracle 21c on Windows Server 2022 with the same issue.
Using port 1521 for TCP with no issues connecting.
Using port 1522 for TCPS and can't connect.
Can anyone provide me with some steps to help me troubleshoot this please? Just let me know if there is any more information you need.
Thank you!
Followed this guide to create the self-signed cert in wallet:
https://dbsguru.com/steps-to-create-self-signed-server-and-client-ssl-certificates-in-oracle/
I get the below output with cURL:
curl -vvv -k https://10.237.128.139:1522
* Trying 10.237.128.139:1522...
* Connected to 10.237.128.139 (10.237.128.139) port 1522
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS alert, handshake failure (552):
* OpenSSL/3.0.13: error:0A000410:SSL routines::sslv3 alert handshake failure
* Closing connection
curl: (35) OpenSSL/3.0.13: error:0A000410:SSL routines::sslv3 alert handshake failure
Telnet appears to connect successfully:
telnet 10.237.128.139 1522
Trying 10.237.128.139...
Connected to 10.237.128.139.
Escape character is '^]'.
Last few entries in /u01/app/oracle/diag/tnslsnr/cw-rhle-01/listener/alert/log.xml:
<msg time='2024-09-07T23:14:47.106-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>07-SEP-2024 23:14:47 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=cw-rhle-01)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=352321536)(CONNECTION_ID=IZQK5tcZf6bgZQAAAAAAAQ==)) * status * 0
</txt>
</msg>
<msg time='2024-09-07T23:14:55.343-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>07-SEP-2024 23:14:55 * (ADDRESS=(PROTOCOL=tcps)(HOST=10.237.128.53)(PORT=52372)) * <unknown connect data> * 28860
</txt>
</msg>
<msg time='2024-09-07T23:14:55.343-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>ORA-28860: Fatal SSL error
TNS-00542: SSL Handshake failed
TNS-12560: TNS:protocol adapter error
TNS-00542: SSL Handshake failed
Linux Error: 29024: Unknown error 29024
</txt>
</msg>
<msg time='2024-09-07T23:15:42.606-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=cw-rhle-01)(PORT=5500))(Security=(my_wallet_directory=/u01/app/oracle/admin/orcl/xdb_wallet))(Presentation=HTTP)(Session=RAW))
</txt>
</msg>
<msg time='2024-09-07T23:15:42.606-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>07-SEP-2024 23:15:42 * (ADDRESS=(PROTOCOL=tcp)(HOST=::1)(PORT=58910)) * service_register * orcl * 0
</txt>
</msg>
<msg time='2024-09-07T23:23:31.015-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>07-SEP-2024 23:23:31 * service_update * orcl * 0
</txt>
</msg>
<msg time='2024-09-07T23:30:48.996-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>07-SEP-2024 23:30:48 * (ADDRESS=(PROTOCOL=tcps)(HOST=10.237.128.53)(PORT=39888)) * <unknown connect data> * 28860
</txt>
</msg>
<msg time='2024-09-07T23:30:48.996-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>ORA-28860: Fatal SSL error
TNS-00542: SSL Handshake failed
TNS-12560: TNS:protocol adapter error
TNS-00542: SSL Handshake failed
Linux Error: 29024: Unknown error 29024
When I try to connect using Oracle SQL Developer:
sqlnet.ora
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY=/etc/ORACLE/WALLETS/oracle/)))
tnsnames.ora
ORCL =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = cw-rhle-01)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = orcl)
    )
  )
ORCL1 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = cw-rhle-01)(PORT = 1522))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = orcl)
    )
  )
listener.ora
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = cw-rhle-01)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = cw-rhle-01)(PORT = 1522))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
SID_LIST_LISTENER=
  (SID_LIST=
    (SID_DESC=
      (ORACLE_HOME=/u01/app/oracle/product/21c/db_home)
      (SID_NAME=orcl)
      (GLOBAL_DBNAME=ORCL))
  )
SSL_CLIENT_AUTENTICATION = FALSE
WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY=/etc/ORACLE/WALLETS/oracle/)))
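
Added example, not part of the original post: a Python check that ties together two details visible above, the certificate request in the curl trace and the listener.ora parameter spelled SSL_CLIENT_AUTENTICATION where sqlnet.ora has SSL_CLIENT_AUTHENTICATION. The function names and the 0.8 similarity cutoff are choices made for this example, and it is an assumption that the listener does not apply the misspelled name.

```python
import difflib
import re

# Oracle Net TLS-related parameter names to compare against.
KNOWN_TLS_PARAMS = {
    "SSL_CLIENT_AUTHENTICATION", "SSL_VERSION", "SSL_CIPHER_SUITES",
    "SSL_SERVER_DN_MATCH", "WALLET_LOCATION",
}

def top_level_params(ora_text):
    """Return the names assigned at parenthesis depth 0 in an .ora file."""
    names, depth = [], 0
    for line in ora_text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        m = re.match(r"\s*([A-Za-z_][\w.]*)\s*=", line)
        if m and depth == 0:
            names.append(m.group(1).upper())
        depth += line.count("(") - line.count(")")
    return names

def misspelled_tls_params(ora_text):
    """Map each unknown SSL_*/WALLET_* name to the known name it resembles."""
    hits = {}
    for name in top_level_params(ora_text):
        if name in KNOWN_TLS_PARAMS or not name.startswith(("SSL_", "WALLET_")):
            continue
        close = difflib.get_close_matches(name, sorted(KNOWN_TLS_PARAMS), n=1, cutoff=0.8)
        if close:
            hits[name] = close[0]
    return hits

def server_requested_client_cert(curl_verbose):
    """True if the curl -v trace shows the server asking for a client certificate."""
    return bool(re.search(r"\(IN\), TLS handshake, Request CERT \(13\)", curl_verbose))

# Sample input: lines taken from the listener.ora and curl trace in the post, trimmed.
LISTENER_ORA = """\
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = cw-rhle-01)(PORT = 1522))
  )
SSL_CLIENT_AUTENTICATION = FALSE
WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY=/etc/ORACLE/WALLETS/oracle/)))
"""
CURL_TRACE = "* TLSv1.2 (IN), TLS handshake, Request CERT (13):"

if __name__ == "__main__":
    print(misspelled_tls_params(LISTENER_ORA), server_requested_client_cert(CURL_TRACE))
```

A certificate request from the server together with a near-miss parameter name is worth ruling out first when one-way TLS is intended.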