on Oracle Cloud Infrastructure using TLS/mTLS Wallet option
Oracle Autonomous Database is a fully automated database service that makes it easy for all organizations to develop and deploy application workloads regardless of complexity, scale, or criticality. Autonomous Database’s converged engine supports diverse data types, simplifying application development and deployment from modeling and coding to ETL, database optimization, and data analysis. With machine-learning–driven automated tuning, scaling, and patching, Autonomous Database delivers the highest performance, availability, and security for OLTP, analytics, batch, and Internet of Things (IoT) workloads. Built on Oracle Database and Oracle Exadata, Autonomous Database is available on Oracle Cloud Infrastructure (OCI) for shared or dedicated deployments, and on-premises with Exadata Cloud@Customer and Dedicated Region Cloud@Customer.
Configuration steps
1. Download Wallet
Oracle Wallet is a set of files that stores the user connection settings (tnsnames.ora, sqlnet.ora, and the JDBC properties file ojdbc.properties) together with credentials such as certificates, certificate requests, and private keys. You can create a wallet by using the Oracle tooling or ask your Oracle server administrator to generate the wallet. For more information about wallets, see Creating and Managing Oracle Wallet and Download Client Credentials (Wallets) at docs.oracle.com.
To download the wallet, click the name of the database instance you want to connect to, and then click DB Connection.
You can download either an Instance Wallet or a Regional Wallet:
- Instance Wallet: Wallet for a single database only; this provides a database-specific wallet.
- Regional Wallet: Wallet for all Autonomous Databases for a given tenant and region (this includes all service instances that a cloud account owns).
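Unzip the wallet and place the contents at a location that your running application can reach (e.g. /home/<some_user>, …). Because the wallet contains private keys, keep the files readable only by the account that runs the application.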
2. Configure Database ACL
Navigate to the Network section and make sure that the application's IP address is in the access control list. mTLS requires ACL to be enabled.
3. Download Oracle JDBC Driver & Companion JARs and update the library
- Download the driver from the Oracle site, https://download.oracle.com/otn-pub/otn_software/jdbc/217/ojdbc11-full.tar.gz, and extract the files we need (ojdbc11.jar, oraclepki.jar, osdt_cert.jar, osdt_core.jar, ucp11.jar).
Configure the connection
The last step is to figure out the name of the service we'll use to connect to the database instance. Service names can be found in the tnsnames.ora file, which is part of the wallet's contents. Typically these service names are the composition of the database name and any of the following: “high”, “medium”, “low”, “tpurgent”, and “tp”. With this information, we can now configure the connection URL, username, password, and any other properties required by the connection pool (such as UCP or other).
In this case my wallet location is /home/XXX/Wallet_XXX01 and the service name is XXX01_high.
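The lookup described above can be scripted before the application is wired up. The following is an added example, not code from the original page: it lists the aliases in a wallet's tnsnames.ora, builds the thin-driver URL with the `TNS_ADMIN` URL parameter, and reports wallet files that other local users can access. The sample file contents, the host names in it, and all function names are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample in the shape of a wallet's tnsnames.ora; the host and
# service_name values are placeholders, not real endpoints.
SAMPLE_TNSNAMES = """\
xxx01_high = (description=(address=(protocol=tcps)(port=1522)(host=adb.example.invalid))
    (connect_data=(service_name=placeholder_xxx01_high.example.invalid)))
xxx01_tp = (description=(address=(protocol=tcps)(port=1522)(host=adb.example.invalid))
    (connect_data=(service_name=placeholder_xxx01_tp.example.invalid)))
"""

# An alias starts at column 0; continuation lines start with whitespace or "(".
ALIAS_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*=", re.MULTILINE)


def parse_tnsnames(text):
    """Map each alias (lower-cased) to its descriptor with whitespace removed."""
    marks = list(ALIAS_RE.finditer(text))
    entries = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        entries[m.group(1).lower()] = "".join(text[m.end():end].split())
    return entries


def jdbc_url(alias, wallet_dir, entries):
    """Build the thin-driver URL, refusing unknown aliases and non-TLS entries."""
    descriptor = entries.get(alias.lower())
    if descriptor is None:
        raise KeyError(f"{alias} is not defined in tnsnames.ora")
    if "(protocol=tcps)" not in descriptor.lower():
        raise ValueError(f"{alias} does not use protocol=tcps")
    return f"jdbc:oracle:thin:@{alias}?TNS_ADMIN={wallet_dir}"


def exposed_wallet_files(wallet_dir):
    """Return wallet files that group or other users can read, write or execute."""
    exposed = []
    for name in sorted(os.listdir(wallet_dir)):
        mode = os.stat(os.path.join(wallet_dir, name)).st_mode
        if stat.S_ISREG(mode) and mode & (stat.S_IRWXG | stat.S_IRWXO):
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    services = parse_tnsnames(SAMPLE_TNSNAMES)
    print(sorted(services))
    print(jdbc_url("XXX01_high", "/home/XXX/Wallet_XXX01", services))
```

The resulting URL is passed to the connection pool together with the username and password; `exposed_wallet_files` should return an empty list for the unzipped wallet directory.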