Enabling SSL
Step 1: Confirm Client Wallet Creation
Before proceeding with the next step, you must confirm that a wallet has been
created on the client and that the client has a valid certificate.
Note: Oracle Corporation recommends that you use Oracle Wallet Manager to remove the trusted certificate in your Oracle wallet associated with each certificate authority that you do not use.
See Also:
Chapter 8, "Using Oracle Wallet Manager", for general information about wallets
"Opening an Existing Wallet" on page 8-13, for information about opening an existing wallet
"Creating a New Wallet" on page 8-10, for information about creating a new wallet
Step 2: Configure Oracle Net Service Name to Include Server DNs and Use TCP/IP with SSL on the Client
You must specify the server's distinguished name (DN) and TCPS as the protocol
in the client network configuration files to enable server DN matching and TCP/IP
with SSL connections. Server DN matching prevents the database server from
faking its identity to the client during connections by matching the server's global
database name against the DN from the server certificate.
You must manually edit the client network configuration files, tnsnames.ora and
listener.ora, to specify the server's DN and the TCP/IP with SSL protocol. The
tnsnames.ora file can be located on the client or in the LDAP directory. If it is
located on the client, then it typically resides in the same directory as the
listener.ora file. Depending on your operating system, these files reside in the
following directory locations:
(UNIX) ORACLE_HOME/network/admin/
(Windows) ORACLE_BASE\ORACLE_HOME\network\admin\
To edit the tnsnames.ora and listener.ora files, use the following steps:
1. In the client tnsnames.ora file, add the SSL_SERVER_CERT_DN parameter
and specify the database server's DN as follows:
7-24 Oracle Database Advanced Security Administrator's Guide
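The following audit script is an added example, not taken from Oracle's guide: it parses tnsnames.ora text and reports each net service name that does not use TCPS or that lacks the SSL_SERVER_CERT_DN parameter described in Step 2. The aliases, hosts, ports, and DN in the sample are constructed, and the function names split_entries and audit are hypothetical.

```python
import re

# Constructed sample tnsnames.ora (aliases, hosts, ports and DN are made up).
SAMPLE_TNSNAMES = """
finance =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = tcps)(HOST = db1.example.com)(PORT = 2484))
    (CONNECT_DATA = (SERVICE_NAME = finance.example.com))
    (SECURITY = (SSL_SERVER_CERT_DN = "cn=finance,cn=OracleContext,c=us,o=example")))
hr =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = tcps)(HOST = db2.example.com)(PORT = 2484))
    (CONNECT_DATA = (SERVICE_NAME = hr.example.com)))
legacy =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = tcp)(HOST = db3.example.com)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = legacy.example.com)))
"""

def split_entries(text):
    """Return {alias: body} by tracking paren depth; assumes no parens inside quoted values."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # drop whole-line comments
    entries, depth, start, head = {}, 0, 0, []
    for pos, ch in enumerate(text):
        if ch == "(":
            start = pos if depth == 0 else start  # first '(' after "alias ="
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:  # entry closed: text seen at depth 0 was "alias ="
                alias = "".join(head).strip().rstrip("=").strip().lower()
                entries[alias] = text[start:pos + 1]
                head = []
        elif depth == 0:
            head.append(ch)
    return entries

def audit(text):
    """Return {alias: [issues]}; an empty list means both settings are present."""
    findings = {}
    for alias, body in split_entries(text).items():
        protocols = {p.lower() for p in re.findall(r"\(\s*PROTOCOL\s*=\s*(\w+)\s*\)", body, re.I)}
        issues = []
        if protocols != {"tcps"}:
            issues.append("address not using TCPS")
        if not re.search(r"\(\s*SSL_SERVER_CERT_DN\s*=\s*[^)\s][^)]*\)", body, re.I):
            issues.append("SSL_SERVER_CERT_DN missing")
        findings[alias] = issues
    return findings
```

Calling audit(SAMPLE_TNSNAMES) returns an empty issue list for finance and flags hr and legacy; the check only confirms that the parameters are present, not that the DN matches the server's certificate.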