Configuring SSL for Client Authentication and Encryption With Self Signed Certificates On Both Ends Using orapki
(Doc ID 401251.1)
Last updated on APRIL 27, 2021
Applies to:Oracle Database - Enterprise Edition - Version 10.2.0.5 and later
Advanced Networking Option - Version 10.2.0.5 to 220.127.116.11 [Release 10.2 to 12.1]
Oracle Net Services - Version 18.104.22.168.0 to 22.214.171.124.0 [Release 12.2]
Information in this document applies to any platform.
The note has been written using Oracle Enterprise Linux 4.0 and 5.0, and Oracle RDBMS versions 10.2.0.5, 126.96.36.199,188.8.131.52 and 184.108.40.206 although the steps are generic and should apply to all platforms.
In this note the client and server are separate machines to help clarify which configuration is server side and which is client side. This connection authenticates both the server and the client.
This note uses the Oracle command line tool orapki to generate self signed certificates and to manipulate the wallets. Some of the steps could be done using Oracle Wallet Manager but this note will focus on using orapki.
Oracle's primary reference for SSL is the Oracle Advanced Security Administrator's Guide. This guide describes Oracle's SSL solution and configuration in greater detail, see Configuring Secure Sockets Layer Authentication. The guide is available on the documentation CD.
This note is intended for use by Database Administrators.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document