
使用自签名证书配置 SSL/TLS（Linux 19c 数据库服务器，Windows 客户端）

 配置服务器端

    
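 # Server side (Linux): create an auto-login wallet holding a self-signed
 # certificate, then export that certificate so the client can trust it.
 readonly WALLET_DIR=/u01/app/oracle/wallet
 # NOTE(security): orapki takes the wallet password on the command line, where
 # it is visible to `ps` and lands in shell history; override via env and
 # rotate the sample value rather than keeping it.
 WALLET_PWD="${WALLET_PWD:-WalletPasswd123}"
 # The original used 1024-bit RSA, which is below the accepted minimum;
 # 2048 is the common floor and is still overridable.
 KEY_SIZE="${KEY_SIZE:-2048}"
 host_name=$(hostname)
 cert_file="/tmp/${host_name}-certificate.crt"

 mkdir -p -- "$WALLET_DIR"
 orapki wallet create -wallet "$WALLET_DIR" -pwd "$WALLET_PWD" -auto_login
 # Self-signed certificate for this host; CN is the host name so the client's
 # tnsnames HOST can be matched against it.
 orapki wallet add -wallet "$WALLET_DIR" -pwd "$WALLET_PWD" \
   -dn "CN=${host_name}" -keysize "$KEY_SIZE" -self_signed -validity 3650
 orapki wallet display -wallet "$WALLET_DIR" -pwd "$WALLET_PWD"
 # Export by the same DN; the .crt is what gets copied to the client.
 orapki wallet export -wallet "$WALLET_DIR" -pwd "$WALLET_PWD" \
   -dn "CN=${host_name}" -cert "$cert_file"
 cat -- "$cert_file"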
    
  
    
 配置客户端
    
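 REM Client side (Windows cmd.exe): create an auto-login wallet with a
 REM self-signed certificate, export that certificate for the server, and
 REM import the server certificate (copied here beforehand) as trusted.
 REM NOTE(security): the wallet password is passed on the command line and is
 REM visible in process listings; rotate the sample value.
 REM cmd.exe mkdir creates parent directories by default and has no -p switch;
 REM the original "-p" would have been created as a directory named "-p".
 mkdir h:\app\oracle\wallet
 orapki wallet create -wallet "h:\app\oracle\wallet" -pwd WalletPasswd123 -auto_login
 REM 1024-bit RSA is below the accepted minimum; 2048 is the common floor.
 orapki wallet add -wallet "h:\app\oracle\wallet" -pwd WalletPasswd123 -dn "CN=%computername%" -keysize 2048 -self_signed -validity 3650
 orapki wallet display -wallet "h:\app\oracle\wallet" -pwd WalletPasswd123
 REM Export the client certificate; this file is later copied to the server.
 orapki wallet export -wallet "h:\app\oracle\wallet" -pwd WalletPasswd123 -dn "CN=%computername%" -cert c:\%computername%-certificate.crt
 more c:\%computername%-certificate.crt
 REM c:\lihao.local-certificate.crt is presumably the server's exported
 REM certificate copied from the Linux host; trust it in the client wallet so
 REM the self-signed server certificate is accepted.
 orapki wallet add -wallet "h:\app\oracle\wallet" -pwd WalletPasswd123 -trusted_cert -cert c:\lihao.local-certificate.crt
 orapki wallet display -wallet "h:\app\oracle\wallet" -pwd WalletPasswd123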
    
  
    
 # Trust the client's exported certificate in the server wallet, then list the
 # wallet so the new trusted entry is visible.
 (
   wallet_dir=/u01/app/oracle/wallet
   client_cert=/tmp/WIN-9JSKV9NSSQS-certificate.crt
   orapki wallet add -wallet "$wallet_dir" -pwd WalletPasswd123 -trusted_cert -cert "$client_cert"
   orapki wallet display -wallet "$wallet_dir" -pwd WalletPasswd123
 )
    
  
    
 修改 sqlnet.ora 增加内容
    
 $ORACLE_HOME/network/admin/sqlnet.ora
    
 # Wallet holding this server's private key and self-signed certificate
 # (the one created with orapki above); listener.ora points at the same path.
 WALLET_LOCATION =
    
    (SOURCE =
    
      (METHOD = FILE)
    
      (METHOD_DATA =
    
    (DIRECTORY = /u01/app/oracle/wallet)
    
      )
    
    )
    
  
    
 # TCPS has to be listed so TLS connections are accepted as an authentication
 # service alongside NTS and BEQ.
 SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
    
 # FALSE = one-way TLS: the server presents its certificate, the client is not
 # required to present one; only the channel is encrypted.
 SSL_CLIENT_AUTHENTICATION = FALSE
    
 # There is no default cipher list, so it must be set explicitly.
 # NOTE(review): SSL_RSA_WITH_3DES_EDE_CBC_SHA is a deprecated 64-bit-block
 # cipher; drop it and keep AES-only suites unless an old client needs it.
 SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)
    
  
    
 listener.ora
    
 # Listener side of the same one-way TLS setup: no client certificate required.
 SSL_CLIENT_AUTHENTICATION = FALSE
    
  
    
 # Same wallet as sqlnet.ora; the listener serves the certificate from here on
 # the TCPS endpoint.
 WALLET_LOCATION =
    
   (SOURCE =
    
     (METHOD = FILE)
    
     (METHOD_DATA =
    
       (DIRECTORY = /u01/app/oracle/wallet)
    
     )
    
   )
    
  
    
 # NOTE(review): the plain TCP endpoint on 1521 stays open next to TCPS on
 # 2484, so clients can still connect unencrypted; remove or firewall it if
 # encryption is meant to be mandatory.
 LISTENER =
    
   (DESCRIPTION_LIST =
    
     (DESCRIPTION =
    
       (ADDRESS = (PROTOCOL = TCP)(HOST = lihao.local)(PORT = 1521))
    
       (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    
       (ADDRESS = (PROTOCOL = TCPS)(HOST = lihao.local)(PORT = 2484))
    
     )
    
   )
    
  
    
 ADR_BASE_LISTENER = /u01/app/oracle
    
  
    
 # Bounce the listener so the new TCPS endpoint and wallet settings are loaded.
 ( for action in stop start; do lsnrctl "$action"; done )
    
  
    
 客户端配置
    
 H:\app\client\Administrator\product\19.0.0\client_1\network\admin
    
 sqlnet.ora
    
  
    
 # Client wallet: holds the client's own key/certificate plus the server
 # certificate imported as a trusted cert, which is what lets the client accept
 # the server's self-signed certificate.
 WALLET_LOCATION =
    
    (SOURCE =
    
      (METHOD = FILE)
    
      (METHOD_DATA =
    
    (DIRECTORY = h:\app\oracle\wallet)
    
      )
    
    )
    
  
    
 # TCPS must be listed on the client too so TLS is negotiated.
 SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS)
    
 # One-way TLS: the client does not present a certificate.
 SSL_CLIENT_AUTHENTICATION = FALSE
    
 # Must overlap with the server's list. NOTE(review): the 3DES suite is
 # deprecated; prefer AES-only on both sides.
 SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)
    
  
    
 tnsnames.ora配置
    
  
    
 # TLS alias: PROTOCOL=TCPS against the listener's 2484 endpoint. HOST must be
 # resolvable (hosts file) and presumably has to match the CN of the server
 # certificate, i.e. the server's `hostname` output — verify if the connection
 # fails with a certificate error.
 pdb1_ssl=
    
   (DESCRIPTION=
    
     (ADDRESS=
    
       (PROTOCOL=TCPS)
    
       (HOST=lihao.local)
    
       (PORT=2484)
    
     )
    
     (CONNECT_DATA=
    
       (SERVER=dedicated)
    
       (SERVICE_NAME=pdb1)
    
     )
    
   )
    
  
    
 创建用户
    
 -- Throwaway account used only to verify the TCPS connection. The password
 -- equals the username here (sample only); CONTAINER=CURRENT creates it in
 -- the container you are connected to.
 CREATE USER test IDENTIFIED BY test CONTAINER=CURRENT;
    
 GRANT CREATE SESSION TO test CONTAINER=CURRENT;
    
    
    
    

自动登录钱包：应使用 -auto_login，不应使用 -auto_login_local。

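mkdir -p /u01/app/oracle/wallet

# Auto-login wallet for the server. Use -auto_login, not -auto_login_local,
# as the note above states (the earlier command used the wrong flag).
orapki wallet create -wallet "/u01/app/oracle/wallet" -pwd WalletPasswd123 -auto_login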

创建自签名证书并将其加载到钱包中

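# Self-signed certificate for this host. The CN must be the real host name,
# so it is expanded with $(hostname); the bare word "hostname" in the original
# would have been used literally. The two lines also have to be one command.
# 1024-bit RSA is below the accepted minimum, so 2048 is used.
orapki wallet add -wallet "/u01/app/oracle/wallet" -pwd WalletPasswd123 \
  -dn "CN=$(hostname)" -keysize 2048 -self_signed -validity 3650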

检查钱包的内容

# List the wallet; the certificate added above should now be shown.
( wallet_dir=/u01/app/oracle/wallet
  orapki wallet display -wallet "$wallet_dir" -pwd WalletPasswd123 )

导出证书

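# Export the certificate by the same DN it was created with; "hostname" must
# be expanded, otherwise the DN (and the file name) use the literal word.
orapki wallet export -wallet "/u01/app/oracle/wallet" -pwd WalletPasswd123 -dn "CN=$(hostname)" -cert "/tmp/$(hostname)-certificate.crt"

cat "/tmp/$(hostname)-certificate.crt"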

在服务器和客户端的 hosts 文件中互相写入对方的主机名和 IP。

确认双方能互相 ping 通。


配置客户端

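REM cmd.exe mkdir creates parent directories by default and has no -p switch;
REM with "-p" a directory literally named "-p" would also be created.
mkdir h:\app\oracle\wallet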

创建一个新的自动登录钱包

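REM Auto-login wallet for the client: -auto_login, not -auto_login_local
REM (see the note earlier on this page). Password on argv is visible in
REM process listings; rotate the sample value.
orapki wallet create -wallet "h:\app\oracle\wallet" -pwd WalletPasswd123 -auto_login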

创建自签名证书并将其加载到钱包中

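REM Self-signed client certificate with CN = computer name.
REM 1024-bit RSA is below the accepted minimum, so 2048 is used.
orapki wallet add -wallet "h:\app\oracle\wallet" -pwd WalletPasswd123 -dn "CN=%computername%" -keysize 2048 -self_signed -validity 3650

orapki wallet display -wallet "h:\app\oracle\wallet" -pwd WalletPasswd123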

导出证书,以便稍后将其加载到服务器中

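REM The drive letter needs its backslash: "c:%computername%..." is relative to
REM the current directory on C:, not the root, and would not match the path
REM later copied to the server.
orapki wallet export -wallet "h:\app\oracle\wallet" -pwd WalletPasswd123 -dn "CN=%computername%" -cert c:\%computername%-certificate.crt

more c:\%computername%-certificate.crt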
将服务器证书加载到客户端钱包中
REM Trust the server's exported certificate (presumably copied here from the
REM Linux host's /tmp) in the client wallet.
orapki wallet add -wallet "h:\app\oracle\wallet" -pwd WalletPasswd123 -trusted_cert -cert c:\lihao.local-certificate.crt

检查客户端钱包的内容

REM The server certificate should now be listed among the trusted certificates.
orapki wallet display -wallet "h:\app\oracle\wallet" -pwd WalletPasswd123

将客户端证书加载到服务器钱包中

将客户端导出的证书复制到服务器的 /tmp 目录中

（可以通过共享文件夹访问并复制该文件）


# Trust the client's exported certificate in the server wallet, then list it.
(
  wallet_dir=/u01/app/oracle/wallet
  client_cert=/tmp/WIN-9JSKV9NSSQS-certificate.crt
  orapki wallet add -wallet "$wallet_dir" -pwd WalletPasswd123 -trusted_cert -cert "$client_cert"
  orapki wallet display -wallet "$wallet_dir" -pwd WalletPasswd123
)

WALLET_LOCATION：提供钱包的路径。

SQLNET.AUTHENTICATION_SERVICES：启用“所有”身份验证服务（包括 TLS/SSL），而不是仅允许数据库用户/密码身份验证。

SSL_CLIENT_AUTHENTICATION = FALSE：不要求验证对端（客户端）证书，目前只需要加密通信。

SSL_CIPHER_SUITES：启用一组密码套件。默认值为“无”，因此必须明确提供一组密码套件。

配置侦听器

在 listener.ora 中添加端口 2484 上 TCPS 协议的地址条目。

H:\app\client\Administrator\product\19.0.0\client_1\network\admin

REM Connect as SYS to the PDB. NOTE(security): the password on the command
REM line is visible in process listings and command history; prefer
REM "sqlplus /nolog" followed by CONNECT at the SQL prompt.
sqlplus sys/AAbb1234@pdb1 as sysdba

-- Throwaway account used only to verify the TCPS connection. The password
-- equals the username here (sample only); CONTAINER=CURRENT creates it in
-- the container you are connected to.
CREATE USER test IDENTIFIED BY test CONTAINER=CURRENT;

GRANT CREATE SESSION TO test CONTAINER=CURRENT;
使用 pdb1_ssl 别名重新测试连接。
