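I am trying to configure an SSL-encrypted connection to Oracle over ODBC. I searched the internet and found a similar set of steps for this configuration, and after making the changes on the server side, the latest configuration files are as follows: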
sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS)
SSL_VERSION = 3.1
SQLNET.ENCRYPTION_SERVER = requested
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SSL_CLIENT_AUTHENTICATION = TRUE
SQLNET.CRYPTO_SEED = 'VALIDSEED111'
SQLNET.ENCRYPTION_TYPES_SERVER= (AES256, RC4_256, AES192, 3DES168,
  AES128, RC4_128, 3DES112, RC4_56, DES, RC4_40, DES40)
WALLET_LOCATION = (SOURCE =
  (METHOD = FILE)
  (METHOD_DATA =
    (DIRECTORY = /home/oracle/oracle/product/10.2.0/db_1/bin)
  ) )
SSL_CIPHER_SUITES= (SSL_RSA_WITH_RC4_128_MD5)
listener.ora
SID_LIST_LISTENER = (SID_LIST =
  (SID_DESC =
    (SID_NAME = PLSExtProc)
    (ORACLE_HOME = /home/oracle/oracle/product/10.2.0/db_1)
    (PROGRAM = extproc)
  ) )
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION = (SOURCE =
  (METHOD = FILE)
  (METHOD_DATA =
    (DIRECTORY = /home/oracle/oracle/product/10.2.0/db_1/bin)
  ) )
LISTENER = (DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
  )
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = localhost.localdomain)(PORT = 1521))
  )
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost.localdomain)(PORT = 1531))
  ) )
I also restarted the listener after updating the listener.ora file by running the following commands:
lsnrctl stop
lsnrctl start
The latest configuration files after the changes on the client side are as follows:
sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, NTS)
SSL_VERSION = 3.1
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SSL_CLIENT_AUTHENTICATION = TRUE
SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256, RC4_256, AES192, 3DES168,
  AES128, RC4_128, 3DES112, RC4_56, DES, RC4_40, DES40)
WALLET_LOCATION = (SOURCE =
  (METHOD = FILE)
  (METHOD_DATA =
    (DIRECTORY = C\app\oracle\product\11.2.0\client_1\BIN\owm\wallets)
  ) )
SSL_CIPHER_SUITES= (SSL_RSA_WITH_RC4_128_MD5)
ADR_BASE = C:\app\oracle\product\11.2.0\client_1\log
tnsnames.ora
ORCL43 = (DESCRIPTION =
  (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = XX.XX.XX.XX)(PORT = 1531))
  )
  (CONNECT_DATA =
    (SERVICE_NAME = orcl)
  )
  (SECURITY=
    (SSL_SERVER_CERT_DN="cn=TGL,cn=OracleContext,c=IN,o=PQR")
  ) )
listener.ora
SSL_CLIENT_AUTHENTICATION = FALSE
LISTENER = (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = XX.XX.XX.XX)(PORT = 1521)) )
ADR_BASE_LISTENER = C:\app\oracle\product\11.2.0\client_1\log
When I try to connect to the Oracle database through SQL Plus using "ORCL43", I get "ORA-12560: TNS:protocol adapter error".
Please let me know where I am going wrong.
Please help me.
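Answer 0: (score: 0)
Make sure that listener.ora (server side) and tnsnames.ora (client side) both contain the same HOST and PORT values. In your case, if the server and the client are on different machines (i.e. have different addresses), use the server address in the HOST field for both files.
Ideally, this should solve the problem you are facing.
In addition, as others have suggested in the comments, you should remove the cipher suite option from the files, or at least use cipher suites that are considered secure. Also, SQLNET.ENCRYPTION_SERVER is not needed to enable SSL. This flag is used to configure Oracle native network encryption.
Here are some sample files that I am using to enable 2-way SSL (mutual authentication) for oracledb 12c.
Client side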
tnsnames.ora
PDBORCL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 10.255.255.255)(PORT = 2848))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = pdborcl)
    )
    (SECURITY=
      (SSL_SERVER_CERT_DN="cn=localhost,c=IN"))
  )
sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, NTS)
SSL_VERSION = 0
SSL_SERVER_DN_MATCH = Yes
# Not a required option; check the docs for usages. They have explained it nicely.
SSL_EXTENDED_KEY_USAGE="SSL"
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\wallet)
    )
  )
ADR_BASE = C:\app\OracleHomeUser1\product\12.1.0\dbhome_1\log
Server side
listener.ora
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = CLRExtProc)
      (ORACLE_HOME = C:\app\OracleHomeUser1\product\12.1.0\dbhome_1)
      (PROGRAM = extproc)
      (ENVS = "EXTPROC_DLLS=ONLY:C:\app\OracleHomeUser1\product\12.1.0\dbhome_1\bin\oraclr12.dll")
    )
  )
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\wallet)
    )
  )
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = 10.255.255.255)(PORT = 2848))
    )
  )
ADR_BASE_LISTENER = C:\app\OracleHomeUser1\product\12.1.0\dbhome_1\log
sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, NTS)
SSL_VERSION = 0
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SSL_CLIENT_AUTHENTICATION = TRUE
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\wallet)
    )
  )
ADR_BASE = C:\app\OracleHomeUser1\product\12.1.0\dbhome_1\log
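
A small checker for the three points in the answer above (the same TCPS HOST and PORT in listener.ora and tnsnames.ora, weak pinned cipher suites, and SQLNET.ENCRYPTION_SERVER being unrelated to TCPS), added here as an example and not part of the original question or answer. The sample file contents, the host db.example.test, the function names and the weak-token list are assumptions of this example; hosts are compared as text, not resolved.

```python
import re

# Constructed sample files, modelled on the layout in the question (not real hosts).
LISTENER_ORA = """LISTENER = (DESCRIPTION_LIST =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost.localdomain)(PORT = 1521)))
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost.localdomain)(PORT = 1531))))
"""
TNSNAMES_ORA = """ORCL43 = (DESCRIPTION =
  (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCPS)(HOST = db.example.test)(PORT = 1531)))
  (CONNECT_DATA = (SERVICE_NAME = orcl)))
"""
SQLNET_ORA = """SQLNET.ENCRYPTION_SERVER = requested
SSL_CIPHER_SUITES= (SSL_RSA_WITH_RC4_128_MD5)
"""

# Assumption of this example: substrings that mark a suite as weak ("DES" also hits 3DES).
WEAK_TOKENS = ("RC4", "MD5", "DES", "NULL", "EXPORT", "ANON")

def tcps_endpoints(text):
    """Return {(host, port)} for every ADDRESS whose PROTOCOL is TCPS."""
    found = set()
    for addr in re.finditer(r"\(\s*ADDRESS\s*=((?:\s*\([^()]*\))+)\s*\)", text, re.I):
        pairs = re.findall(r"\(\s*(\w+)\s*=\s*([^()]*?)\s*\)", addr.group(1))
        kv = {k.upper(): v for k, v in pairs}
        if kv.get("PROTOCOL", "").upper() == "TCPS":
            found.add((kv.get("HOST", "").lower(), kv.get("PORT", "")))
    return found

def weak_cipher_suites(sqlnet):
    """Return the SSL_CIPHER_SUITES entries that contain a weak token."""
    m = re.search(r"^\s*SSL_CIPHER_SUITES\s*=\s*\(([^)]*)\)", sqlnet, re.I | re.M)
    suites = [s.strip() for s in m.group(1).split(",")] if m else []
    return [s for s in suites if any(t in s.upper() for t in WEAK_TOKENS)]

def audit(listener, tnsnames, sqlnet):
    """Collect findings for the three points raised in the answer."""
    findings = []
    server = tcps_endpoints(listener)
    for host, port in sorted(tcps_endpoints(tnsnames) - server):
        findings.append(f"client TCPS {host}:{port} matches no listener TCPS address")
    for suite in weak_cipher_suites(sqlnet):
        findings.append(f"weak cipher suite pinned: {suite}")
    if re.search(r"^\s*SQLNET\.ENCRYPTION_SERVER\s*=", sqlnet, re.I | re.M):
        findings.append("SQLNET.ENCRYPTION_SERVER is native encryption, not TCPS")
    return findings

if __name__ == "__main__":
    for finding in audit(LISTENER_ORA, TNSNAMES_ORA, SQLNET_ORA):
        print("-", finding)
```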