Oracle Cloud Infrastructure Documentation

TLS Connections to Target Databases with Client Authentication Enabled

To configure a TLS connection to a target database that has client authentication enabled, you need to upload a JKS wallet during target database registration. This information applies to DB systems and Autonomous Databases.

If the SSL_CLIENT_AUTHENTICATION parameter is set to TRUE in the sqlnet.ora file on your target database, then client authentication is enabled. When you upload a JKS wallet during target database registration, you upload two files: a keystore.jks file and a truststore.jks file. The JKS wallet must contain the following items:

  • Signing certificate chain (or root certificate if there is no intermediate signing certificate) that was used to issue the Oracle Data Safe private key and public certificate.
  • Private key for Oracle Data Safe, which is acting as a client to the target database.
  • Public certificate for Oracle Data Safe, which is acting as a client to the target database.

You can download a ready-made JKS wallet for an Autonomous Database from the database's console in Oracle Cloud Infrastructure. See Download the JKS Wallet for an Autonomous Database.

For a DB system, you need to create your own wallet. See Create a Self-Signed Certificate for a Target Database with Client Authentication Enabled for an example.