0

我正在尝试通过 ODBC 为 Oracle 配置 SSL 加密连接。我在互联网上搜索,发现此配置的类似步骤集和服务器端更改后的最新配置文件如下:

sqlnet.ora

SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS)

SSL_VERSION = 3.1

SQLNET.ENCRYPTION_SERVER = requested

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

SSL_CLIENT_AUTHENTICATION = TRUE

SQLNET.CRYPTO_SEED = 'VALIDSEED111'

SQLNET.ENCRYPTION_TYPES_SERVER= (AES256, RC4_256, AES192, 3DES168,
AES128, RC4_128, 3DES112, RC4_56, DES, RC4_40, DES40)

WALLET_LOCATION =   (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /home/oracle/oracle/product/10.2.0/db_1/bin)
    )   )

SSL_CIPHER_SUITES= (SSL_RSA_WITH_RC4_128_MD5)

监听器.ora

SID_LIST_LISTENER =   (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /home/oracle/oracle/product/10.2.0/db_1)
      (PROGRAM = extproc)
    )   )

SSL_CLIENT_AUTHENTICATION = FALSE

WALLET_LOCATION =   (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /home/oracle/oracle/product/10.2.0/db_1/bin)
    )   )

LISTENER =   (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    )
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost.localdomain)(PORT = 1521))
    )
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost.localdomain)(PORT = 1531))
    )   )

在更新 listener.ora 文件后,我还通过执行以下命令重新启动侦听器:

lsnrctl stop
lsnrctl start

客户端修改后的最新配置文件如下:

sqlnet.ora

SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, NTS)

SSL_VERSION = 3.1

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

SSL_CLIENT_AUTHENTICATION = TRUE

SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256, RC4_256, AES192, 3DES168,
AES128, RC4_128, 3DES112, RC4_56, DES, RC4_40, DES40)

WALLET_LOCATION =   (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C\app\oracle\product\11.2.0\client_1\BIN\owm\wallets)
    )   )

SSL_CIPHER_SUITES= (SSL_RSA_WITH_RC4_128_MD5)

ADR_BASE = C:\app\oracle\product\11.2.0\client_1\log

tnsnames.ora

ORCL43 =   (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = XX.XX.XX.XX)(PORT = 1531))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = orcl)
    )
    (SECURITY=
      (SSL_SERVER_CERT_DN="cn=TGL,cn=OracleContext,c=IN,o=PQR")
    )   )

监听器.ora

SSL_CLIENT_AUTHENTICATION = FALSE

LISTENER =   (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = XX.XX.XX.XX)(PORT = 1521))   )

ADR_BASE_LISTENER = C:\app\oracle\product\11.2.0\client_1\log

当我尝试使用“ORCL43”通过 SQL Plus 连接 Oracle 数据库时,我收到“<strong>ORA-12560: TNS:protocol adapter error”。

请让我知道我在哪里做错了。

请帮我解决一下这个。

4

1 回答 1

0

确保 listener.ora(服务器端)和 tnsnames.ora(客户端)包含相同的 HOST 和 PORT 值。在您的情况下,如果服务器和客户端都在不同的机器上(即具有不同的地址),请在两个文件的 HOST 字段中使用服务器地址。

理想情况下,这应该可以解决您面临的问题。

此外,正如评论中其他人所建议的那样,您应该从文件中删除密码套件选项,或者至少使用那些被认为是安全的。此外,对于启用 SSL,SQLNET.ENCRYPTION_SERVER不需要。此标志用于配置 oracle 本机网络加密。

这是我用来为 oracledb 12c 启用 2 路 SSL(相互身份验证)的一些示例文件。

客户端

tnsnames.ora

PDBORCL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 10.255.255.255)(PORT = 2848))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = pdborcl)
    )
    (SECURITY=
    (SSL_SERVER_CERT_DN="cn=localhost,c=IN"))
  )

sqlnet.ora

SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, NTS)

SSL_VERSION = 0

SSL_SERVER_DN_MATCH = Yes

SSL_EXTENDED_KEY_USAGE="SSL" (# not a required option, check the docs for usages. They have explained it nicely)
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\wallet)
    )
  )

ADR_BASE = C:\app\OracleHomeUser1\product\12.1.0\dbhome_1\log

服务器端

监听器.ora

SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = CLRExtProc)
      (ORACLE_HOME = C:\app\OracleHomeUser1\product\12.1.0\dbhome_1)
      (PROGRAM = extproc)
      (ENVS = "EXTPROC_DLLS=ONLY:C:\app\OracleHomeUser1\product\12.1.0\dbhome_1\bin\oraclr12.dll")
    )
  )

SSL_CLIENT_AUTHENTICATION = FALSE

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\wallet)
    )
  )

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = 10.255.255.255)(PORT = 2848))
    )
  )

ADR_BASE_LISTENER = C:\app\OracleHomeUser1\product\12.1.0\dbhome_1\log

sqlnet.ora

SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, NTS)

SSL_VERSION = 0

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

SSL_CLIENT_AUTHENTICATION = TRUE

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\wallet)
    )
  )

ADR_BASE = C:\app\OracleHomeUser1\product\12.1.0\dbhome_1\log
于 2020-01-24T10:28:23.327 回答