2、监听配置
1、在服务器上,将以下内容添加到“$ORACLE_HOME/network/admin/ sqlnet.ora”文件中
NAMES.DIRECTORY_PATH = (TNSNAMES, EZCONNECT)
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /home/oracle/ wallet)
)
)
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
# SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CLIENT_AUTHENTICATION = TRUE
DIAG_ADR_ENABLED = OFF
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)
ADR_BASE = /opt/app/ oracle
2、将监听配置为接受SSL /TLS加密连接。编辑“$ORACLE_HOME/network/admin/ listener.ora”文件,添加wallet信息以及TCPS内容
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /home/oracle/ wallet)
)
)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.132.13)(PORT = 1521 ))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCPS)(HOST = 192.168.132.13)(PORT = 2484 ))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC2484))
)
)
DIAG_ADR_ENABLED_LISTENER = OFF
ADR_BASE_LISTENER = /opt/app/ oracle
TRACE_LEVEL_LISTENER = user
[oracle@db2 ~]$ cat /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/ tnsnames.ora
ORA11N =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST =192.168.132.13)(PORT = 1521 ))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = orcl11g.us.oracle测试数据)
(SID = icdc)
)
)
TCPS1 =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = 192.168.132.13)(PORT = 2484 ))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = orcl11g.us.oracle测试数据)
(SID = icdc)
)
)
重启监听
$ lsnrctl stop
$ lsnrctl start
```好像是 lsnrctl reload 也可以的,不用stop再start```
3、数据库本地测试
1、tcps登录测试
[oracle@db2 ~]$ sqlplus bjxq/bjxqww2sq2z@TCPS1
2、日志监控
[oracle@db2 ~]$ tail -f /opt/app/oracle/product/11.2.0/dbhome_1/network/log/listener.log
4、总结
Oracle配置tcps加密连接已经配置成功,至于业务连接需要开发配合,需要将crt文件转换为jks证书等等,不说了……
Oracle配置tcps加密协议
标签:ssl oracl log names rect 协议 内容 use 操作
查看更多关于Oracle配置tcps加密协议的详细内容...
声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://haodehen.cn/did116787