Enabling TCPS for Oracle Database Server
You must enable TCPS for the Oracle database before setting up Cloudera Manager. Enabling TCPS establishes a secure channel between the client (Cloudera Manager) and the server (Oracle Database Server).
- SSH into the Oracle database server host.
-
Change to the "oracle" user as follows:
sudo -su oracle
-
Append the location of ORACLE_HOME to the PATH environment variable by running the following commands:
export ORACLE_HOME=/opt/oracle/product/19c/dbhome_1
export PATH=${PATH}:${ORACLE_HOME}/bin
-
Create an auto-login wallet by running the following command:
orapki wallet create -wallet /opt/oracle/product/19c/dbhome_1/wallet -auto_login
An auto-login wallet uses SSL's single sign-on functionality. Users do not need to specify a password each time they open the wallet.
-
Add a self-signed certificate to this wallet by running the following command:
orapki wallet add -wallet /opt/oracle/product/19c/dbhome_1/wallet -dn "CN=server" -keysize 4096 -self_signed -validity 365
-
Export the certificate from the Oracle wallet by running the following command:
orapki wallet export -wallet /opt/oracle/product/19c/dbhome_1/wallet -dn "CN=server" -cert server_ca.cert
This exports a certificate with the subject's distinguished name (-dn) (CN=server) from a wallet to the file that is specified by -cert (server_ca.cert).
-
Add the following lines to the /opt/oracle/product/19c/dbhome_1/network/admin/listener.ora configuration file:
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/oracle/product/19c/dbhome_1/wallet)
    )
  )
Register a new address in LISTENER:
(ADDRESS = (PROTOCOL = TCPS)(HOST = [***HOST***])(PORT = 2484))
-
Add the following lines to the /opt/oracle/product/19c/dbhome_1/network/admin/sqlnet.ora profile configuration file:
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/oracle/product/19c/dbhome_1/wallet)
    )
  )
-
Add the following lines to the /opt/oracle/product/19c/dbhome_1/network/admin/tnsnames.ora configuration file:
ORCLPDB1_SSL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = [***HOST***])(PORT = 2484))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = ORCLPDB1)
    )
    (SECURITY =
      (MY_WALLET_DIRECTORY = /opt/oracle/product/19c/dbhome_1/wallet)
    )
  )
-
Restart the listener by running the following commands:
lsnrctl stop
lsnrctl start
-
Check the TCPS status by running the following command:
sqlplus cm/cmverystr0ngP4ss@ORCLPDB1_SSL
SELECT sys_context('USERENV', 'NETWORK_PROTOCOL') as network_protocol FROM dual;
Sample output:
NETWORK_PROTOCOL
--------------------------------------------------------------------------------
tcps
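As an added example (not part of the original documentation, and not Cloudera or Oracle code), the following shell functions check that listener.ora and sqlnet.ora carry the TCPS settings from the steps above and that the auto-login wallet file cwallet.sso is not accessible to group or others. The function names, the make_sample test tree and the host db.example are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint the TCPS settings described in the steps above.
# Assumes upper-case parameter names (as written in the steps) and
# paths that contain no whitespace.

flat() { tr -d ' \t\r\n' < "$1"; }   # .ora layout whitespace is not significant

# Print the DIRECTORY value of WALLET_LOCATION in the given .ora file.
wallet_dir() {
    flat "$1" | sed -n 's/.*WALLET_LOCATION=.*(DIRECTORY=\([^)]*\)).*/\1/p'
}

# check_tcps_config ADMIN_DIR -> returns 0 if every check passes, 1 otherwise.
check_tcps_config() {
    l=$1/listener.ora; s=$1/sqlnet.ora; rc=0
    lw=$(wallet_dir "$l"); sw=$(wallet_dir "$s")
    [ -n "$lw" ] || { echo "FAIL: listener.ora has no WALLET_LOCATION"; rc=1; }
    [ "$lw" = "$sw" ] || { echo "FAIL: wallet directory differs in sqlnet.ora"; rc=1; }
    flat "$l" | grep -q '(PROTOCOL=TCPS)' ||
        { echo "FAIL: no TCPS address in listener.ora"; rc=1; }
    for f in "$l" "$s"; do
        flat "$f" | grep -q 'SSL_CLIENT_AUTHENTICATION=' ||
            { echo "FAIL: SSL_CLIENT_AUTHENTICATION not set in $f"; rc=1; }
    done
    # cwallet.sso opens without a password, so only file permissions protect
    # the private key: require that no group/other permission bits are set.
    sso=$lw/cwallet.sso
    if [ ! -f "$sso" ]; then
        echo "FAIL: $sso not found"; rc=1
    elif [ "$(ls -ld "$sso" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $sso is accessible to group or others"; rc=1
    fi
    return $rc
}

# Build a constructed sample tree under DIR for trying the check offline.
make_sample() {
    mkdir -p "$1/admin" "$1/wallet"
    : > "$1/wallet/cwallet.sso"; chmod 600 "$1/wallet/cwallet.sso"
    wl="WALLET_LOCATION = (SOURCE = (METHOD = FILE)
  (METHOD_DATA = (DIRECTORY = $1/wallet)))"
    printf '%s\n' "SSL_CLIENT_AUTHENTICATION = FALSE" "$wl" > "$1/admin/sqlnet.ora"
    printf '%s\n' "SSL_CLIENT_AUTHENTICATION = FALSE" "$wl" \
      "LISTENER = (ADDRESS = (PROTOCOL = TCPS)(HOST = db.example)(PORT = 2484))" \
      > "$1/admin/listener.ora"
}
```

On the database host, run it as check_tcps_config "$ORACLE_HOME/network/admin" after the listener restart.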