Oracle Client for Encrypted Database Connections

For use when changing oracle client to use tcps

Step-by-step guide

Make a wallet directory and add the cwallet.sso and ewallet.p12 files
Copy access.xml and sqlnet.ora files to the client network/admin directory
Update the database connection string (PROTOCOL=TCPS, PORT=2484, SERVICE_NAME=kfs40t_srv.uits.uconn.edu) in the tnsnames.ora file
Copy oraclepki.jar, osdt_cert.jar, osdt_core.jar to the client lib directory

vi /usr/lib/jvm/jre/lib/security/java.security
security.provider.10=oracle.security.pki.OraclePKIProvider

cp /usr/lib/oracle/12.2/client64/lib/oraclepki.jar /usr/lib/jvm/jre/lib/ext
cp /usr/lib/oracle/12.2/client64/lib/osdt_cert.jar /usr/lib/jvm/jre/lib/ext
cp /usr/lib/oracle/12.2/client64/lib/osdt_core.jar /usr/lib/jvm/jre/lib/ext

vi /opt/tomcat-kfs/bin/setenv.sh
vi /opt/tomcat-rice/bin/setenv.sh
vi wrapper.ksh

#Oracle JDBC encryption with wallet
export CATALINA_OPTS="$CATALINA_OPTS -Doracle.net.tns_admin=/usr/lib/oracle/12.2/client64/network/admin/"
export CATALINA_OPTS="$CATALINA_OPTS -Doracle.net.wallet_location='(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/usr/lib/oracle/12.2/client64/wallet)))'"

vi /srv/uconn_configs/kfs-config/security/security.properties
vi /srv/uconn_configs/rice-config/rice-config.xml
--datasource.url=jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=YES)(FAILOVER=ON)(ADDRESS=(PROTOCOL=TCPS)(HOST=exa02-scan.uits.uconn.edu)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=kfs40t_srv.uits.uconn.edu)(FAILOVER_MODE=(TYPE=SELECT)(METHOD=BASIC)(RETRIES=20)(DELAY=5))))

Enterprise Financial Systems

Oracle Client for Encrypted Database Connections

Step-by-step guide

Related articles