Configuring Database to Use TCPS with Server Key
Perform the following steps on the Oracle Database server, to configure the network to activate SSL using Oracle Network Manager.
Configure the listener.ora file:
1. Launch the Net Manager tool. The netmgrcommand is available if ORACLE_HOME is set as environment variable. In the command prompt or terminal, enter the following command to open network manager.
> netmgr
2. Navigate toLocal > Listeners > Listener.
3. Click Add Address and select TCP/IP with SSL and enter the values for protocol, host name and port as follows:
Protocol: TCP/IP with SSL
Host Name: vv-stepde-vm
Port: 2484
* 
Windchill supports JDBCs communication on dedicated TCPS port 2484 configured on Oracle Database server. Cognos and Solr will not support JDBCs. All JDBC communication will be managed on the existing default TCP port 1521 which comes as default Windchill installation. The next step about listener.ora configuration shows how Oracle can serve both JDBC and JDBCs on two different ports
4. Click File > Save Network Configuration
Here is an example of the listener.ora file that you created.
...
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC2)))
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = vv-stepde-vm
)(PORT = 1521)))
(DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = vv-stepde-vm)(PORT = 2484)))
)
...
If you need client authentication, ensure that the SSL_CLIENT_AUTHENTICATION property is set to TRUE in the listener.ora file:
SSL_CLIENT_AUTHENTICATION = TRUE

WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\wallets\server_wallet)))

LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = PROTOCOL = IPC) (KEY = EXTPROC1)))
(DESCRIPTION =
(ADDRESS = PROTOCOL = TCP) (HOST = vv-stepde-vm)(PORT = 1521)))
(DESCRIPTION =
(ADDRESS =(PROTOCOL = TCPS)(HOST = vv-stepde-vm)(PORT = 2484))))
5. Configure the sqlnet.ora file. Click Profile and select Oracle Advanced Security from the dropdown list and then, on the SSL tab, click Server if you do not have an SSL form. If you have an SSL form, ensure that the wallet directories of SSL form are pointing to the server_wallet directory.
Here is an example of a complete SSL form.
Configure Method: File System
Wallet Directory: C:\wallets\server_wallet
Configure SSL for: Server
Revocation Check: None
Require SSL Version: Any
Require Client Authentication: <Leave unchecked>
If client authentication is required, ensure that the Require Client Authentication checkbox is selected in the SSL form. After saving this network configuration, verify that the authentication parameter is set to TRUE in the sqlnet.ora file:
SSL_VERSION = 0
SSL_CLIENT_AUTHENTICATION = TRUE
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\wallets\server_wallet)
)
)
* 
If you only want encryption and server authentication, this step can be skipped.
6. Click File > Save Network Configuration
7. Exit the Net Manager tool. However, ensure that you have saved the changes and restarted the listener to pick up the new changes:
> lsnrctl stop
> lsnrctl start
8. Launch the Net Manager tool.
Here is an example of the sqlnet.ora and listener.ora files that you created without client authentication. If you need client authentication, ensure that the SSL_CLIENT_AUTHENTICATION property is set to TRUE in the listener.ora file:
sqlnet.ora
...
SQLNET.AUTHENTICATION_SERVICES=(TCPS,NTS)
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA = (DIRECTORY = C:\wallets\server_wallet))
)
SSL_CIPHER_SUITES= (SSL_RSA_WITH_AES_128_CBC_SHA,
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA)
...
listener.ora
...
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA = (DIRECTORY = C:\wallets\server_wallet))
)
...
9. Configure the tnsnames.ora file. In the Net Manager tool, click Service Naming.
10. To create a new service, click Edit and then click Create. Complete the Net Service Name Wizard using the following information:
Net Service Name: vv-stepde-vm_tcps
Select: TCP/IP with SSL (Secure Internet Protocal)
Host Name: vv-stepde-vm
Port Number: 2484
(Oracle8i or later) Service Name: orcl
Connection Type: Default database
Test the connection on page 5 of the wizard
Here is an example of the tnsnames.ora file that you created:
...
vv-stepde-vm_tcps =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCPS)(HOST = vv-stepde-vm)(PORT = 2484)))
(CONNECT_DATA = (SERVICE_NAME = orcl))
)
...
11. Click File > Save Network Configuration.
12. Click File > Exit. The configuration is now complete.
Isto foi útil?