meta données pour cette page
Ceci est une ancienne révision du document !
TCPS
Mise en oeuvre sur RAC
Environnement
- Noeuds:
- oracle2.labo.delag.fr
- oracle3.labo.delag.fr
rac ⇒ gva-clr-rac001
### Wallet
1/creation wallet
mkdir /u01/app/oracle/wallet/ chmod 750 /u01/app/oracle/wallet/ orapki wallet create -wallet /u01/app/oracle/wallet/ -auto_login -pwd XXXXX (CF autologin)
2/ certificate request
orapki wallet add -wallet /u01/app/oracle/wallet -dn 'CN=gva-plp-odb009.dts.corp.local,OU=Information Systems,O=TOTSA TotalEnergies Oil Trading SA,C=CH,ST=GE,L=GE,emailAddress=ts.it-operations@totalenergies.com' -sign_alg sha256 -keysize 2048 -pwd XXXXX
3/ export certificate request
orapki wallet export -wallet /u01/app/oracle/wallet -dn 'CN=gva-plp-odb009.dts.corp.local,OU=Information Systems,O=TOTSA TotalEnergies Oil Trading SA,C=CH,ST=GE,L=GE,emailAddress=ts.it-operations@totalenergies.com' -request /u01/app/oracle/wallet/gva-plp-odb009.csr
4/ request cert to cert authority
5/ import and trust of ROOT Authority CERT
orapki wallet add -wallet /u01/app/oracle/wallet -cert /u01/app/oracle/wallet/root.cer -trusted_cert
6/ import and trust of Authentication CERT
orapki wallet add -wallet /u01/app/oracle/wallet -cert /u01/app/oracle/wallet/authentification.cer -trusted_cert
7/ import and trust of intermediate cert
orapki wallet add -wallet /u01/app/oracle/wallet -cert /u01/app/oracle/wallet/server_authentification.cer -trusted_cert
8/ import and trust of CERT for Oracle Host
orapki wallet add -wallet /u01/app/oracle/wallet -user_cert -cert /u01/app/oracle/wallet/ca.crt
9/ display result
orapki wallet display -wallet /u01/app/oracle/wallet
### SQL.NET and Listener on standalone 1/ change protocole from TCP to TCPS or create a dedicated Listener on different port
=⇒ Listener
LISTENER_TCPS = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS=(PROTOCOL=TCPS)(HOST=gva-plp-odb009.dts.corp.local)(PORT=1529)) ) )
=⇒ SQLNET
SSL_CLIENT_AUTHENTICATION = FALSE SQLNET.ENCRYPTION_SERVER=REQUIRED SQLNET.ENCRYPTION_TYPES_SERVER=(AES256) SQLNET.AUTHENTICATION_SERVICES=(BEQ,TCPS) NAMES.DIRECTORY_PATH=(TNSNAMES, EZCONNECT) WALLET_LOCATION = (SOURCE= (METHOD=File) (METHOD_DATA= (DIRECTORY=/u01/app/oracle/wallet) ) )