Configuring SSL for Client Authentication and Encryption With Self Signed Certificates On Both Ends Using orapki (Doc ID 401251.1)
One can set up the SSL authentication as described in this note only when testing this authentication method or when the number of users authenticated via SSL is not large. The rationale is that in this note the client signs its own certificate and we import the root certificate of the client into the wallet of the server. As such, for a large number of different users we will end up with too many client root certificates being imported into the wallet of the server.
# ### Server side (note: the server does not need to generate a client version of its own CA certificate)
# Create the wallet directory
su - oracle
cd /u01/app/grid/product/db/network/admin
mkdir wallet_location
cd wallet_location
wallet_location=$(pwd)
# (Initialisation) Create the initial wallet; this generates the files cwallet.sso and ewallet.p12
orapki wallet help
orapki wallet create -wallet "${wallet_location}" -auto_login -pwd pwd123456
# (Server) Create a self-signed certificate; this produces the user certificate and the CA root certificate
# Note: a 512-bit RSA key is far too weak for anything beyond a throwaway test; use at least 2048 bits in practice
orapki wallet add -wallet "${wallet_location}" -dn "CN=server" -keysize 512 -self_signed -validity 365 -pwd pwd123456
# (Server) Export the CA root certificate
orapki wallet export -wallet "${wallet_location}" -dn "CN=server" -cert server_ca1.cert
# ### Client side
su - oracle
cd /u01/app/grid/product/db/network/admin
mkdir wallet_location
cd wallet_location
wallet_location=$(pwd)
# (Initialisation) Create the initial wallet; this generates the files cwallet.sso and ewallet.p12
orapki wallet create -wallet "${wallet_location}" -auto_login -pwd pwd123456
# (Client) Create a self-signed certificate
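As an added example (not from the Oracle note or this page), the script below drives both ends of the procedure above with orapki and finishes with the step the introduction describes: importing each side's exported root certificate into the other wallet as a trusted certificate, then checking the trust with `orapki wallet display`. It assumes orapki is on PATH; the directory names, DNs and password are placeholders, and it uses a 2048-bit key instead of the note's 512-bit one.

```shell
#!/bin/sh
# Added example, not from the Oracle note: run both ends of the procedure with
# orapki and finish with the cross-trust step the introduction describes.
# Assumptions: orapki is on PATH; directory names and the password are placeholders.
set -eu

# Create an auto-login wallet in directory $1 protected by password $2.
make_wallet() {
    mkdir -p "$1"
    orapki wallet create -wallet "$1" -auto_login -pwd "$2"
}

# Add a self-signed certificate with DN $3 to wallet $1 (2048-bit key rather than
# the note's 512-bit one, which is far too weak for anything beyond a throwaway test).
add_self_signed() {
    orapki wallet add -wallet "$1" -dn "$3" -keysize 2048 -self_signed -validity 365 -pwd "$2"
}

# Export the self-signed (hence root) certificate with DN $3 from wallet $1 to file $4.
export_root() {
    orapki wallet export -wallet "$1" -dn "$3" -cert "$4" -pwd "$2"
}

# Import certificate file $3 into wallet $1 as a trusted certificate.
trust_root() {
    orapki wallet add -wallet "$1" -trusted_cert -cert "$3" -pwd "$2"
}

# Succeed when `orapki wallet display` text on stdin lists subject $1 under
# "Trusted Certificates:" (a match under "User Certificates:" does not count).
trusted_subject_listed() {
    awk -v want="$1" '
        /^Trusted Certificates:/ { intrusted = 1; next }
        /Certificates:/          { intrusted = 0 }
        intrusted && index($0, "Subject:") && index($0, want) { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Build both wallets under $1, swap root certificates and verify the trust each way.
setup_mutual_trust() {
    base=$1 pw="pwd123456" srv="$1/server_wallet" cli="$1/client_wallet"
    make_wallet "$srv" "$pw"; add_self_signed "$srv" "$pw" "CN=server"
    make_wallet "$cli" "$pw"; add_self_signed "$cli" "$pw" "CN=client"
    export_root "$srv" "$pw" "CN=server" "$base/server_ca1.cert"
    export_root "$cli" "$pw" "CN=client" "$base/client_ca1.cert"
    trust_root "$srv" "$pw" "$base/client_ca1.cert"   # server trusts the client root
    trust_root "$cli" "$pw" "$base/server_ca1.cert"   # client trusts the server root
    orapki wallet display -wallet "$srv" -pwd "$pw" | trusted_subject_listed "CN=client" || return 1
    orapki wallet display -wallet "$cli" -pwd "$pw" | trusted_subject_listed "CN=server" || return 1
}
```

Run it as `setup_mutual_trust /path/to/base`; the two exported `*_ca1.cert` files are what each side would hand to the other in the manual procedure.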