Table of contents
- Create Oracle wallet
- Configure Oracle for SSL
- Restart services
- Connect to Oracle over SSL
- Learn more
To set up SSL configuration for Oracle connections, you need to create a wallet, configure Oracle network files, and adjust connection settings.
Prerequisites:
- Oracle Client installed
- Oracle Database Server that supports SSL
- Access rights to create directories and files
- A valid SSL certificate from a trusted CA
- Oracle Wallet Manager for wallet management
Create Oracle wallet
-
Create a wallet folder
Create a directory to store your wallet:
mkdir /opt/oracle/wallet -
Generate a wallet
Use the
orapkiutility to create a wallet:$ORACLE_HOME/bin/orapki wallet create -wallet /opt/oracle/wallet -pwd YourWalletPassword -auto_login -
Add certificates to the wallet
Choose one of the following:
-
Create and add a self-signed certificate:
$ORACLE_HOME/bin/orapki wallet add -wallet /opt/oracle/wallet -pwd YourWalletPassword -dn "CN=example.com" -keysize 1024 -self_signed -validity 365 -
Add a CA-signed certificate:
$ORACLE_HOME/bin/orapki wallet add -wallet /opt/oracle/wallet -pwd YourWalletPassword -trusted_cert -cert path_to_root_ca_cert
Tip: Replace
YourWalletPassword,CN=example.com, andpath_to_root_ca_certwith your actual values. -
-
Generate JKS files
Convert the wallet to Java Keystore format:
$ORACLE_HOME/bin/orapki wallet pkcs12_to_jks -wallet /opt/oracle/wallet -pwd YourWalletPassword -jksKeyStoreLoc /opt/oracle/wallet/oracle_keystore.jks -jksKeyStorepwd YourJKSPassword -jksTrustStoreLoc /opt/oracle/wallet/oracle_truststore.jks -jksTrustStorepwd YourJKSPassword
Configure Oracle for SSL
-
Edit
listener.oraExample:
SSL_CLIENT_AUTHENTICATION = FALSE WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /opt/oracle/wallet) ) ) LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1)) (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521)) ) (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 2484)) ) ) DEDICATED_THROUGH_BROKER_LISTENER = ON DIAG_ADR_ENABLED = off -
Edit
sqlnet.oraExample:
WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /opt/oracle/wallet) ) ) SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ) SSL_CLIENT_AUTHENTICATION = FALSE SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA) -
Edit
tnsnames.oraExample:
SSL= (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 2484)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = XE) ) ) XE= (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = XE) ) )Tip: Replace
0.0.0.0,2484, andXEwith your server’s IP, SSL port, and service name.
Restart services
-
Restart the listener
$ORACLE_HOME/bin/lsnrctl stop $ORACLE_HOME/bin/lsnrctl start -
Restart the database
$ORACLE_HOME/bin/sqlplus / as sysdba shutdown startupTip: If running in Docker, use:
docker restart oracle_container_name
Connect to Oracle over SSL
-
Open DBeaver and create a new connection
If unsure how, see creating a connection.
-
Specify the custom JDBC URL
Example:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=0.0.0.0)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=XE))) -
Set driver properties
javax.net.ssl.trustStorePassword: Password for the truststorejavax.net.ssl.trustStoreType:JKSoracle.net.wallet.location: Path to your wallet
-
Test the connection
Verify that you can connect over SSL.
Learn more
For general SSL configuration, see SSL overview.
DBeaver Documentation
- Getting started
- DBeaver configuration
- Security
- Connection settings
- Databases support
- Classic
- Cloud
- Embedded
- File drivers
- Graph
- Database Navigator
- Data Editor
- SQL Editor
- Entity relation diagrams (ERD)
- Cloud services
- AI Assistant
- Data transfer and schema compare
- Task management
- Integrated tools
- Administration
- DBeaver Editions
- Standalone
- Cloud-hosted
- FAQ
- Development