
Configuring SSL Authentication With Client Certificates Signed By The Server Using orapki (Doc ID 1381035.1)

Last updated on DECEMBER 06, 2021

Applies to:

Advanced Networking Option - Version to [Release 10.2 to 12.1]
Information in this document applies to any platform.


This note uses the Oracle command-line tool orapki to create all the certificates needed for SSL authentication. The method presented here differs from the methods described in <Note 401251.1> and <Note 736510.1>: in this note the server's wallet signs the clients' certificates (rather than using an external CA to sign the client certificates, we use the server's auto-login wallet as a CA). In <Note 401251.1> each client signs its own certificate, and the root certificates of all the clients are then imported into the server's wallet. <Note 736510.1> describes in great detail how to set this up using OWM (rather than orapki) and also suggests that the CA is a third-party entity.


This note is intended for database administrators who are configuring SSL authentication.



In this Document
 1) Create and configure the server wallet
 2) Create and configure the client wallet
 3) Create the user within the database
 4) Configuring server side listener
 5) Configuring server side sqlnet.ora
 6) Configuring client side sqlnet.ora
 7) Configuring client side tnsnames.ora
 8) Configuring the database
 9) Testing the configuration
