Please find the below steps
1. Create wallet directory
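# The wallet created in step 2 is auto-login, i.e. it can be opened without a
# password, so filesystem permissions are its only protection. Keep the
# directory private to its owner.
# NOTE(review): the owner must be the OS account the database runs as,
# otherwise the database cannot read the wallet - confirm before applying.
mkdir -p /home/scripts/PROMO_CHANGE/WALLET
chmod 700 /home/scripts/PROMO_CHANGE/WALLET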
2. Setup Wallet
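# -pwd is left off on purpose: orapki then prompts for the wallet password,
# which keeps it out of shell history and the process list.
# -auto_login additionally writes cwallet.sso, which opens without a password,
# so access to the wallet directory must stay restricted.
orapki wallet create -wallet /home/scripts/PROMO_CHANGE/WALLET -auto_login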
3. Download the certificate (check which port is open on that particular host)
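# This fetch is not authenticated: whatever answers on abc.domain.int:443 is
# saved as-is. Only the server's own certificate is captured, not the issuing
# CA chain. /tmp is shared, so import the file promptly and remove it afterwards.
openssl s_client -servername abc.domain.int -connect abc.domain.int:443 </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >/tmp/certificate12.cer
# Compare subject, issuer and SHA-256 fingerprint with values obtained from the
# service owner over a separate channel before adding the file to the wallet.
openssl x509 -in /tmp/certificate12.cer -noout -subject -issuer -fingerprint -sha256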
4. Add certificate key to the wallet
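# Run once. Straight quotes are required: typographic quotes would be passed
# to orapki as part of the file name. -pwd is left off so orapki prompts for
# the wallet password instead of exposing it on the command line.
orapki wallet add -wallet /home/scripts/PROMO_CHANGE/WALLET -trusted_cert -cert "/tmp/certificate12.cer"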
5. Update $TNS_ADMIN/sqlnet.ora like below.
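# Points Oracle Net at the wallet directory created in step 1.
# WALLET_LOCATION is set once; METHOD and METHOD_DATA are both nested inside
# SOURCE, and continuation lines are indented so they are read as part of the
# same parameter.
SQLNET.WALLET_OVERRIDE = TRUE
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /home/scripts/PROMO_CHANGE/WALLET)))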
Bounce or Reload the listener.
6. Test the certificate
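# Lists the wallet contents; the imported certificate should appear under the
# trusted certificates. The path has no trailing space inside the quotes
# (a trailing space would name a different, non-existent directory), and -pwd
# is left off so the password is not exposed on the command line.
orapki wallet display -wallet "/home/scripts/PROMO_CHANGE/WALLET"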
Check existing ACL information:
----------------------------------------------
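-- List every host / port range that has a network ACL assigned to it.
-- A HOST value of '*' means the ACL applies to every destination, so such
-- rows deserve a second look.
set lines 160
col HOST format a40
col ACL format a40
col ACLID format a40
select host, lower_port, upper_port, acl, aclid
  from DBA_NETWORK_ACLS
 order by host, lower_port;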
Check existing ACL privilege information:
--------------------------------------------------------
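-- Show which principal holds which privilege in each ACL, and whether the
-- entry is a grant or a deny (IS_GRANT).
set lines 160
col ACL format a40
col PRINCIPAL format a40
select acl, principal, privilege, is_grant
  from DBA_NETWORK_ACL_PRIVILEGES
 order by acl, principal, privilege;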
Please follow the steps below to create an ACL, add a privilege to it, and assign it for a particular user.
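-- Create the ACL file utl_http.xml and grant its first privilege ('connect')
-- to the principal. The block is run once; a second create_acl call for the
-- same ACL name is not needed.
-- NOTE(review): 'SYS' is the principal used throughout this page. Outbound
-- HTTP should normally be made from a dedicated, least-privileged schema,
-- so substitute that schema name here and in the following steps.
begin
  dbms_network_acl_admin.create_acl (
    acl         => 'utl_http.xml',
    description => 'HTTP Access',
    principal   => 'SYS',
    is_grant    => TRUE,
    privilege   => 'connect',
    start_date  => null,
    end_date    => null
  );
  commit;
end;
/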
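-- Add the 'resolve' privilege for the same principal to the existing ACL
-- utl_http.xml. The block is run once.
-- NOTE(review): 'resolve' concerns host-name lookups; confirm the principal
-- really needs it in addition to 'connect' before granting it.
begin
  dbms_network_acl_admin.add_privilege (
    acl        => 'utl_http.xml',
    principal  => 'SYS',
    is_grant   => TRUE,
    privilege  => 'resolve',
    start_date => null,
    end_date   => null
  );
  commit;
end;
/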
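-- Assign the ACL to the one endpoint this procedure is about
-- (abc.domain.int:443, the host whose certificate was imported in step 3).
-- A host of '*' with no port range would let the principal open connections
-- from the database server to any host on any port, which is far broader
-- than a single HTTPS call requires.
-- NOTE(review): if the 'resolve' privilege is genuinely needed, check how it
-- behaves on an assignment that carries a port range.
begin
  dbms_network_acl_admin.assign_acl (
    acl        => 'utl_http.xml',
    host       => 'abc.domain.int',
    lower_port => 443,
    upper_port => 443
  );
  commit;
end;
/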
-- Allow the principal to call the UTL_HTTP package.
-- NOTE(review): the grantee should be the same schema that was given the
-- ACL privileges above; for a real deployment use the dedicated application
-- schema rather than SYS.
grant execute
   on utl_http
   to SYS;