Issue enabling Oracle database connections with one-way TLS

Walt Toe, Sep 8 2024 — edited Sep 9 2024

Hi friends,

I am currently trying to configure one-way TLS as per this video. Running Oracle 21c (with the pre-install test DB) on RHEL 8. I have also tried running Oracle 21c on Windows Server 2022 with the same issue.

Using port 1521 for TCP with no issues connecting.

Using port 1522 for TCPS and can't connect.

Can anyone provide me with some steps to help me troubleshoot this please? Just let me know if there is any more information you need.

Thank you!

Followed this guide to create the self-signed cert in wallet:

https://dbsguru.com/steps-to-create-self-signed-server-and-client-ssl-certificates-in-oracle/

I get the below output with cURL:

curl -vvv -k https://10.237.128.139:1522
*   Trying 10.237.128.139:1522...
* Connected to 10.237.128.139 (10.237.128.139) port 1522
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS alert, handshake failure (552):
* OpenSSL/3.0.13: error:0A000410:SSL routines::sslv3 alert handshake failure
* Closing connection
curl: (35) OpenSSL/3.0.13: error:0A000410:SSL routines::sslv3 alert handshake failure

Telnet appears to connect successfully:

telnet 10.237.128.139 1522
Trying 10.237.128.139...
Connected to 10.237.128.139.
Escape character is '^]'.

Last few entries in /u01/app/oracle/diag/tnslsnr/cw-rhle-01/listener/alert/log.xml:

<msg time='2024-09-07T23:14:47.106-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>07-SEP-2024 23:14:47 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=cw-rhle-01)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=352321536)(CONNECTION_ID=IZQK5tcZf6bgZQAAAAAAAQ==)) * status * 0
</txt>
</msg>
<msg time='2024-09-07T23:14:55.343-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>07-SEP-2024 23:14:55 * (ADDRESS=(PROTOCOL=tcps)(HOST=10.237.128.53)(PORT=52372)) * <unknown connect data> * 28860
</txt>
</msg>
<msg time='2024-09-07T23:14:55.343-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>ORA-28860: Fatal SSL error
TNS-00542: SSL Handshake failed
TNS-12560: TNS:protocol adapter error
 TNS-00542: SSL Handshake failed
  Linux Error: 29024: Unknown error 29024
</txt>
</msg>
<msg time='2024-09-07T23:15:42.606-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=cw-rhle-01)(PORT=5500))(Security=(my_wallet_directory=/u01/app/oracle/admin/orcl/xdb_wallet))(Presentation=HTTP)(Session=RAW))
</txt>
</msg>
<msg time='2024-09-07T23:15:42.606-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>07-SEP-2024 23:15:42 * (ADDRESS=(PROTOCOL=tcp)(HOST=::1)(PORT=58910)) * service_register * orcl * 0
</txt>
</msg>
<msg time='2024-09-07T23:23:31.015-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>07-SEP-2024 23:23:31 * service_update * orcl * 0
</txt>
</msg>
<msg time='2024-09-07T23:30:48.996-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>07-SEP-2024 23:30:48 * (ADDRESS=(PROTOCOL=tcps)(HOST=10.237.128.53)(PORT=39888)) * <unknown connect data> * 28860
</txt>
</msg>
<msg time='2024-09-07T23:30:48.996-04:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='cw-rhle-01'
host_addr='::1' pid='32680'>
<txt>ORA-28860: Fatal SSL error
TNS-00542: SSL Handshake failed
TNS-12560: TNS:protocol adapter error
 TNS-00542: SSL Handshake failed
  Linux Error: 29024: Unknown error 29024

When I try to connect using Oracle SQL Developer:

sqlnet.ora

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY=/etc/ORACLE/WALLETS/oracle/)))

tnsnames.ora

ORCL =
(DESCRIPTION =
  (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = cw-rhle-01)(PORT = 1521))
  )
  (CONNECT_DATA =
    (SERVICE_NAME = orcl)
  )
)
ORCL1 =
(DESCRIPTION =
  (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = cw-rhle-01)(PORT = 1522))
  )
  (CONNECT_DATA =
    (SERVICE_NAME = orcl)
  )
)

listener.ora

LISTENER =
(DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = cw-rhle-01)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = cw-rhle-01)(PORT = 1522))
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
  )
)
SID_LIST_LISTENER=
(SID_LIST=
  (SID_DESC=
    (ORACLE_HOME=/u01/app/oracle/product/21c/db_home)
    (SID_NAME=orcl)
    (GLOBAL_DBNAME=ORCL))
)
SSL_CLIENT_AUTENTICATION = FALSE
WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY=/etc/ORACLE/WALLETS/oracle/)))
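
A configuration check for the setup posted above, as an added example that is not part of the original post and not Oracle tooling: it lists the top-level parameters of listener.ora, flags names that are near misses of known TLS parameters, and checks the curl trace for a server CertificateRequest. The `KNOWN` list and the function names are assumptions made for this example; the inputs are copied from the post.

```python
import difflib
import re

# TLS-related Oracle Net parameter names this check knows (not exhaustive).
KNOWN = ["SSL_CLIENT_AUTHENTICATION", "WALLET_LOCATION", "SSL_VERSION",
         "SSL_CIPHER_SUITES", "SSL_SERVER_DN_MATCH"]

def top_level_params(text):
    """Map NAME -> value for top-level entries; nested (KEY = ...) are skipped."""
    params, depth, name = {}, 0, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z][\w.]*)\s*=\s*(.*)", line) if depth == 0 else None
        if m:
            name = m.group(1).upper()
            params[name] = m.group(2)
        elif name:
            params[name] += line  # continuation of a multi-line value
        depth += line.count("(") - line.count(")")
    return params

def diagnose(listener_ora, curl_trace):
    params = top_level_params(listener_ora)
    typos = {}
    for name in params:
        hit = difflib.get_close_matches(name, KNOWN, n=1, cutoff=0.85)
        if hit and hit[0] != name:
            typos[name] = hit[0]  # near miss: not the parameter it resembles
    return {
        "typos": typos,
        # Unset means Oracle's documented default (TRUE) is in effect.
        "client_auth_set": "SSL_CLIENT_AUTHENTICATION" in params,
        # A CertificateRequest from the server means it wants a client cert.
        "cert_requested": bool(re.search(r"\(IN\), TLS handshake, Request CERT", curl_trace)),
    }

# Inputs copied from the post above (listener.ora tail, one curl trace line).
LISTENER_ORA = """SID_LIST_LISTENER=
(SID_LIST=
  (SID_DESC=
    (ORACLE_HOME=/u01/app/oracle/product/21c/db_home)
    (SID_NAME=orcl)
    (GLOBAL_DBNAME=ORCL))
)
SSL_CLIENT_AUTENTICATION = FALSE
WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY=/etc/ORACLE/WALLETS/oracle/)))"""
CURL_TRACE = "* TLSv1.2 (IN), TLS handshake, Request CERT (13):"

print(diagnose(LISTENER_ORA, CURL_TRACE))
```

On the posted input it reports `SSL_CLIENT_AUTENTICATION` as a near miss of `SSL_CLIENT_AUTHENTICATION`, so the listener has no recognized setting for that parameter, which is consistent with the `Request CERT` message the server sends in the trace.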