Configure TCP/IP with SSL/TLS for GDS – GSM OCI Mode
(Doc ID 2857100.1)
Last updated on JULY 20, 2024
Applies to:
Oracle Database - Enterprise Edition - Version 19.11.0.0.0 and laterInformation in this document applies to any platform.
Goal
Configuration Of TCP/IP With SSL/TLS For GDS (GSM OCI MODE)
The GSM interface cli (GDSCTL) uses thin driver (default) and GSM uses ANO encryption (default) for secure connection.
To implement TLS v1.2, we can't have double encryption stacks, thus, ANO must be disabled.
The below procedure is the workaround by using OCI thick driver.
Native Network Encryption for GDS Connections
PRI +----------+ +----------+ +----------+ +----------+ +----------+
CDB | gsm1 | | cdbcat | | cdb1 | | cdb2 | | cdb3 |
PDB | | | cat | | sh1 | | sh2 | | sh3 |
HOST | host1 | | host2 | | host3 | | host4 | | host5 |
R:DC1 +----------+ +----------+ +----------+ +----------+ +----------+
| | |
v v v
ADG +----------+ +-----------+ +----------+ +----------+
CDB | gsm2 | | cdb11 | | cdb12 | | cdb13 |
PDB | | | sh1 | | sh2 | | sh3 |
HOST | host6 | | host7 | | host8 | | host9 |
R:DC2 +----------+ +-----------+ +----------+ +----------+
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Configuration Of TCP/IP With SSL/TLS For GDS (GSM OCI MODE) |
| Native Network Encryption for GDS Connections |
| Solution |
| Prerequisites and Assumptions |
| Setup Wallet and Certificate |
| 1. Create Wallet on GSM and all hosts |
| 2. Create Wallet on GSM client |
| 3. Exchange Certificates |
| 4. Network Configuration |
| References |