FAQ: TCPS / TLS / SSL / UTL_HTTP / UTL_SMTP Configuration and Queries in Oracle Database
(Doc ID 2980134.1)
Last updated on JULY 20, 2024
Applies to:
Oracle Database - Enterprise Edition - Version 12.1.0.1 and later
Information in this document applies to any platform.
Purpose
This document aims to provide comprehensive answers to common queries related to the setup, configuration, and fundamental concepts of TCPS / TLS / SSL with respect to database and client-side implementation. Additionally, it addresses inquiries about the practical usage and implementation of UTL_HTTP / UTL_SMTP packages over TLS/SSL within a database environment.
Questions and Answers
In this Document
Purpose
Questions and Answers
Understanding concept of TLS/SSL
What is TLS/SSL?
Difference between TLS/SSL protocol
Significance of certificates in TLS/SSL
How does TLS/SSL handshake work?
What are Cipher Suites?
Understanding TLS/SSL with Oracle Database
Availability of TLS/SSL
TCPS Protocol
Significance of Wallet/orapki/PKCS#12
How TLS/SSL handshake work between Oracle Database/Client
One-way and Two-way(mTLS) TLS/SSL communication
Difference between Self Signed and CA signed certificates
Configuring TCPS- TLS/SSL on Oracle Database/Client
How to configure One-way TLS/SSL encryption with Self signed and CA Signed certificates
How to configure Two-way (mTLS) TLS/SSL encryption with Self signed and CA Signed certificates
How to configure TLS/SSL in multitenant setup
TLS/SSL method for CLIENT authentication
Questions on usage orapki utility/wallet usage and TLS/SSL supported parameters
Useful orapki commands across wallet location
Checking certificate expired status in wallet
Parameters used on listener.ora and sqlnet.ora supporting TLS/SSL connection
CRL- Certificate Validation with Certificate Revocation Lists
FIPS: Federal Information Processing Standard
MES: Micro Edition Suite (MES)
MCS: Microsoft Certificate Store (MCS)
Understanding UTL_HTTP / UTL_SMTP packages
Configuring UTL_HTTP/UTL_SMTP access using certificates and an Oracle Database wallet
How to create a wallet at Database end?
How to get destination Webserver/MailServer certificates?
Adding certificates to Oracle Database wallet
Validating TLS/SSL communication is working reaching destination Webserver/Mailserver
Configuring ACL/ACE to user credential which is reaching destination Webserver/Mailserver with TLS/SSL
How to configure UTL_HTTP at database for CLIENT AUTHENTICATION over TLS/SSL
Common General Queries
TLS 1.3 Version supported on Oracle Database
How to check TCPS-TLS/SSL connected session data is encrypted
How to verify the TLS Version is used in TCPS Connection
How to disable TLS 1.0 /1.1 and enable TLS 1.2
Check if Database connection is connected Via TCPS
EZ Connect syntax to connect to Database over TCPS with wallet
Is it possible to have no wallet from Client Side and make TCPS/SSL Connection from remote client?
How to restrict Client to connect to Database via TCP/TCPS
PKI-04006: No Matching Private Key In The Wallet While Adding Final User Certificate to Wallet
ORA-29106: Cannot import PKCS #12 wallet when calling UTL_HTTP package
TLS Cipher Suite Authentication, Encryption, Integrity, and TLS Versions supported with Oracle Database
Client / Server interoperability support matrix for different Oracle versions
Reason for certificate related errors using UTL_HTTP/UTL_SMTP with TLS/SSL
Traces to isolate TLS/SSL communication error.
References