Description:
To establish a secure connection to Oracle XML DB over SSL (Secure Sockets Layer), using the TCPS protocol.
Requirements:
1. A wallet is required to set up an SSL connection.
2. $ORACLE_HOME/network/admin --> This directory contains
a) listener.ora
b) sqlnet.ora
c) tnsnames.ora
The wallet location entry is put in these three files.
IMPLEMENTATION:
1. Ensure the following files exist in the wallet directory:
A) ewallet.p12
B) cwallet.sso (enables auto-login)
2. Add the following parameters to the network configuration files
(sqlnet.ora and listener.ora).
1. sqlnet.ora.
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = <WALLET_LOCATION>))
  )
SSL_CLIENT_AUTHENTICATION=FALSE
2. listener.ora.
In the listener.ora open a secure port, e.g. add the address:
(ADDRESS = (PROTOCOL = TCPS)(HOST = <HOSTNAME or IP ADDRESS>)(PORT = 1988))
3. tnsnames.ora.
In the tnsnames.ora add:
TEST_s =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS) (Host = <HOSTNAME or IP ADDRESS>) (Port = 1988) )
    (CONNECT_DATA = (SID = TEST) )
  )
4. Connect through the secure port.
sqlplus sys/*****@TEST_s
Verify that the secure protocol is in use:
select sys_context('userenv','network_protocol') from dual;
3. Set dispatchers for TCPS:
A dispatcher for TCPS can be added in two ways.
1. Add the entry in the pfile (init<SID>.ora) -- requires a bounce of the instance.
Example:
dispatchers='(PROTOCOL=TCP)(SERVICE=TEST)','(PROTOCOL=TCPS)(SERVICE=TEST)'
and restart the database instance.
(Or)
2. Alternatively, make the change with the alter system command:
alter system set dispatchers = '(INDEX=0)(PROTOCOL=TCPS)(SERVICE=TEST)', '(INDEX=1)(PROTOCOL=TCP)(SERVICE=TEST)' scope=both;
You can set a dispatcher for TCPS only, if desired.
4. Set http2-port and http2-protocol in the XDB configuration:
In the XDB configuration set the HTTPS Port and the HTTPS Protocol,
e.g. set 'HTTPS Port' to 1498 and 'HTTPS Protocol' to tcps.
The examples below assume the HTTPS port number is 1498.
The following PL/SQL script sets the HTTPS port in Oracle 10g.
PL/SQL script:
set serveroutput on
DECLARE
  l_cfgxml XMLTYPE;
  l_value VARCHAR2(5) := '&secure_port'; -- Secure port#
BEGIN
  l_cfgxml := DBMS_XDB.cfg_get();
  -- The XDB config document uses the xdbconfig default namespace, so pass it to existsNode
  -- as well (the same namespace string is used for insertChildXML/updateXML below).
  IF l_cfgxml.existsNode('/xdbconfig/sysconfig/protocolconfig/httpconfig/http2-port',
                         'xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd"') = 0 THEN
    -- Add missing elements.
    SELECT insertChildXML
           (l_cfgxml, '/xdbconfig/sysconfig/protocolconfig/httpconfig', 'http2-port',
            XMLType('<http2-port xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">' ||
                    l_value ||
                    '</http2-port>'),
            'xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd"'
           )
      INTO l_cfgxml
      FROM dual;
    SELECT insertChildXML
           (l_cfgxml, '/xdbconfig/sysconfig/protocolconfig/httpconfig', 'http2-protocol',
            XMLType('<http2-protocol xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">tcps</http2-protocol>'),
            'xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd"'
           )
      INTO l_cfgxml
      FROM dual;
    DBMS_OUTPUT.put_line('http2 port inserted.');
  ELSE
    -- Update the existing element (work on the document already fetched above).
    SELECT updateXML
           (
            l_cfgxml,
            '/xdbconfig/sysconfig/protocolconfig/httpconfig/http2-port/text()',
            l_value,
            'xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd"'
           )
      INTO l_cfgxml
      FROM dual;
    DBMS_OUTPUT.put_line('http2 port updated.');
    DBMS_OUTPUT.put_line('Secure port changed into '||l_value);
  END IF;
  -- Write the modified configuration back and make it effective.
  DBMS_XDB.cfg_update(l_cfgxml);
  DBMS_XDB.cfg_refresh;
END;
/
Results of execution:
SQL> @set-secure-http2-port.sql
Enter value for secure_port: 1498
old 3: l_value VARCHAR2(5) := '&secure_port'; -- Secure port#
new 3: l_value VARCHAR2(5) := '1498'; -- Secure port#
http2 port updated.
Secure port changed into 1498
PL/SQL procedure successfully completed.
In Oracle 11g (release 1 and release 2) the HTTPS port is set with the following call instead:
call dbms_xdb.setListenerEndPoint(2, null, 1498,2);
5. Now check the status of the listener:
lsnrctl status <LISTENER_NAME>
Eg: lsnrctl status TEST
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<HOSTNAME>)(PORT=1523)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<HOSTNAME>)(PORT=1988))(Presentation=HTTP)(Session=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<HOSTNAME>)(PORT=1498))(Presentation=HTTP)(Session=RAW))
6. Now test the HTTPS connection through a browser.
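As an added verification example (not part of the original note), the script below parses the "Listening Endpoints Summary" section of lsnrctl status output and checks that the XDB HTTP presentation is served on tcps at the expected port, flagging any HTTP endpoint that is still on plain tcp. The embedded sample output is constructed after the listing above, with the hypothetical host name dbhost.example.

```python
import re

# Constructed sample, modelled on the lsnrctl status listing above (host name is made up).
SAMPLE_STATUS = """\
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=dbhost.example)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=dbhost.example)(PORT=1988))(Presentation=HTTP)(Session=RAW))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=dbhost.example)(PORT=1498))(Presentation=HTTP)(Session=RAW))
Services Summary...
"""

# Matches the innermost (KEY=value) pairs; nested groups such as (DESCRIPTION=( are skipped.
KV = re.compile(r"\((\w+)\s*=\s*([^()]*)\)")


def parse_endpoints(status_text):
    """Return one dict per DESCRIPTION line: protocol, host, port and presentation."""
    endpoints = []
    for line in status_text.splitlines():
        line = line.strip()
        if not line.startswith("(DESCRIPTION="):
            continue
        kv = {k.lower(): v.strip() for k, v in KV.findall(line)}
        port = kv.get("port", "")
        endpoints.append({
            "protocol": kv.get("protocol", "").lower(),
            "host": kv.get("host", ""),
            "port": int(port) if port.isdigit() else None,
            "presentation": kv.get("presentation", "").upper(),
        })
    return endpoints


def check_xdb_https(endpoints, expected_port):
    """Check the HTTP presentation endpoints: (secure_endpoint_present, list of findings)."""
    findings = []
    https_ok = False
    for ep in endpoints:
        if ep["presentation"] != "HTTP":
            continue  # plain database listener endpoints are out of scope here
        if ep["protocol"] == "tcps" and ep["port"] == expected_port:
            https_ok = True
        elif ep["protocol"] != "tcps":
            findings.append(f"plaintext HTTP endpoint on {ep['protocol']} port {ep['port']}")
    if not https_ok:
        findings.append(f"no tcps HTTP endpoint on port {expected_port}")
    return https_ok, findings


if __name__ == "__main__":
    ok, notes = check_xdb_https(parse_endpoints(SAMPLE_STATUS), 1498)
    print("secure XDB endpoint present:", ok)
    for note in notes:
        print("finding:", note)
```

On the sample the tcps endpoint on 1498 is found, and the tcp endpoint on 1988 that still carries Presentation=HTTP is reported as a plaintext finding.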