Connection to OracleDB using SSL/TLS

Hello,

I would like to set up monitoring of database which is available only using SSL/TLS - service on 2484/tcp.
Is this possible or planned?

Regards, Greg

Comments

  • Hello Greg,

    could you try connection test on the SSL only available DB with the patch below?

    1. backup your current /home/lpar2rrd/lpar2rrd/bin/oracledb-test-api.pl file.

    2. Apply this patch:
    https://download.lpar2rrd.com/patch/7.30-1-4-g6e97f/oracledb-test-api.pl.gz

    Gunzip it and copy to /home/lpar2rrd/lpar2rrd/bin (755, lpar2rrd owner)

    -rwxrwxr-x 1 lpar2rrd lpar2rrd 9896 Jan 17 08:15 oracledb-test-api.pl

    If your web browser gunzips it automatically then just rename it: mv oracledb-test-api.pl.gz oracledb-test-api.pl

    Assure that file size is the same as on above example

    3. try the connection test in web ui and let us know if it worked.

  • Greg
    edited February 2022
    Hello damerva,

    Thank you for fast answer.

    TCP Connection test works for port 2484/tcp. But DB data test failed with: ORA-29024: Certificate validation failure.

    I explored the topic in more detail and I think topic is more complicated then changing only protocol and port.

    To use TCPS we need wallet with client certificate, trusted by server. It is defined in sqlnet.ora file.

    So I think there are changes to be done:
    1. Host definition: possibility to choice between TCP/TCPS protocol with default ports: 1521, 2484.
    2. Host definition: path to file with sqlnet.ora when TCPS is selected.
    3. Use collected data in sqlplus calls.

    In my test environment, TNS you use is sufficient:
    "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=oracle-host)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=service-name)))" @/path-to/lpar2rrd/oracledb-sql/Standalone_L.sql"<br>
    If you want, I will be happy to do the tests after implementation.

    Best regards, Greg
  • Hello again,

    Do you plan any implementation for this functionality?
  • Hello Greg,

    so after you set up listener.ora and sqlnet.ora the connection test started working, is that correct?
Sign In or Register to comment.