Configuring client authentication

If the Oracle database requires SSL client authentication, then you must configure a keystore.

About this task

To determine whether the Oracle database requires SSL client authentication, complete the following step.

Procedure

Check the sqlnet.ora file on the target Oracle database server (the managed resource) for the following line:
SSL_CLIENT_AUTHENTICATION = FALSE

The FALSE value means that the Oracle database server does NOT require SSL client authentication. The TRUE value means that the Oracle database server DOES require SSL client authentication.
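The check above can be scripted. The following is an added example, not part of the original documentation: it goes beyond the single line shown by also handling commented-out lines, case differences, and a missing parameter. The function names and the sample file contents are constructed for illustration; it relies on Oracle's documented default of TRUE when SSL_CLIENT_AUTHENTICATION is not set.

```python
import re

# Constructed sample sqlnet.ora contents (not from a real server).
SAMPLE_SQLNET_ORA = """\
# constructed sample
WALLET_LOCATION =
  (SOURCE = (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /u01/app/oracle/wallet)))
#SSL_CLIENT_AUTHENTICATION = FALSE
ssl_client_authentication = true   # trailing comment
"""

PARAM_LINE = re.compile(r"^([A-Za-z_][\w.]*)\s*=\s*(.*)$")


def read_parameter(text, name):
    """Return every value assigned to `name` (hypothetical helper)."""
    values = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        # A parameter name starts in the first column; an indented line
        # continues the previous parameter and never starts a new one.
        if not line or line[0].isspace():
            continue
        match = PARAM_LINE.match(line)
        if match and match.group(1).upper() == name.upper():
            values.append(match.group(2).strip().upper())
    return values


def client_auth_required(text):
    """True if the server demands a client certificate, so a keystore is needed."""
    values = set(read_parameter(text, "SSL_CLIENT_AUTHENTICATION"))
    if not values:
        return True          # parameter absent: Oracle's documented default is TRUE
    if len(values) > 1:
        # Precedence between conflicting lines is not assumed here; fail loudly.
        raise ValueError("conflicting SSL_CLIENT_AUTHENTICATION lines: %s" % sorted(values))
    value = values.pop()
    if value not in ("TRUE", "FALSE"):
        raise ValueError("unrecognized value: %r" % value)
    return value == "TRUE"


if __name__ == "__main__":
    print("keystore needed:", client_auth_required(SAMPLE_SQLNET_ORA))
```

A commented-out FALSE line, as in the sample, leaves the default in effect, so the server still requires a client certificate.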

Note: The store password ThePwd12 used in the following example is for test purposes only.

Example

For test purposes, you can use the following commands to set up a JKS type keystore:

cd c:\temp
mkdir clientjks

keytool -genkey -alias OADB -dname "CN=client,C=US" -storetype JKS -keystore clientjks\client.jks -keyalg RSA -storepass "ThePwd12"

keytool -certreq -alias OADB -file clientjks\creq.cer -keystore clientjks\client.jks -storepass "ThePwd12"

orapki cert create -wallet ./authority -request clientjks\creq.cer -cert clientjks\signed.cer -validity 3650 -pwd=ThePwd12

keytool -import -v -alias OACA -file authority\CA.cer -keystore clientjks\client.jks -storepass "ThePwd12"

keytool -import -v -alias OADB -file clientjks\signed.cer -keystore clientjks\client.jks -storepass "ThePwd12"

These example commands assume that you created a self-signed certificate authority. See Configuring the Oracle database server.

What to do next

If the keystore properties are not set in the solution.properties file, then set the following properties accordingly:

## client authentication
javax.net.ssl.keyStore=client.jks
javax.net.ssl.keyStorePassword=ThePwd12
javax.net.ssl.keyStoreType=jks