To configure a TLS connection to a target database that has client authentication enabled, you need to upload a JKS wallet during target database registration. This information applies to DB systems and Autonomous Databases.
If the SSL_CLIENT_AUTHENTICATION parameter is set to TRUE in the sqlnet.ora file on your target database, then client authentication is enabled. When you upload a JKS wallet during target database registration, you upload two files: a keystore.jks file and a truststore.jks file. The JKS wallet must contain the following items:
- Signing certificate chain (or root certificate if there is no intermediate signing certificate) that was used to issue the Oracle Data Safe private key and public certificate.
- Private key for Oracle Data Safe, which is acting as a client to the target database.
- Public certificate for Oracle Data Safe, which is acting as a client to the target database.
You can download a ready-made JKS wallet for an Autonomous Database from the database's console in Oracle Cloud Infrastructure. See Download the JKS Wallet for an Autonomous Database.
For a DB system, you need to create your own wallet. See Create a Self-Signed Certificate for a Target Database with Client Authentication Enabled for an example.
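For a wallet you build yourself, a pre-upload check can confirm that the two files hold the items listed above. The following is an added example, not Oracle's code: it reads the standard JKS binary layout directly, so it needs no store password. It assumes the customary keytool split (private key and its certificate in keystore.jks, signing certificates in truststore.jks); the function names and sample bytes are constructed for illustration.

```python
import struct

KINDS = {1: "PrivateKeyEntry", 2: "trustedCertEntry"}  # names as keytool prints them

def jks_entries(data):
    """List (alias, kind, cert_count) per entry; the store password is not needed."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated JKS file")
        pos += n
        return data[pos - n:pos]
    def u32():
        return struct.unpack(">I", take(4))[0]
    def utf():  # Java writeUTF: 2-byte length, then the bytes
        return take(struct.unpack(">H", take(2))[0]).decode("utf-8", "replace")
    magic, version = u32(), u32()
    if magic != 0xFEEDFEED or version != 2:
        raise ValueError("not a version 2 JKS keystore")
    entries = []
    for _ in range(u32()):
        tag, alias = u32(), utf()
        take(8)  # creation timestamp
        if tag not in KINDS:
            raise ValueError("unknown entry tag %d" % tag)
        certs = 1
        if tag == 1:
            take(u32())    # password-protected private key blob, skipped unread
            certs = u32()  # length of the certificate chain
        for _ in range(certs):
            utf()        # certificate type, e.g. "X.509"
            take(u32())  # DER-encoded certificate
        entries.append((alias, KINDS[tag], certs))
    return entries

def wallet_problems(keystore, truststore):
    """Check both files for the items listed above (structure only, no validation)."""
    problems = []
    if not any(k == "PrivateKeyEntry" and n for _, k, n in jks_entries(keystore)):
        problems.append("keystore.jks: no private key entry with a certificate")
    if not any(k == "trustedCertEntry" for _, k, _ in jks_entries(truststore)):
        problems.append("truststore.jks: no signing certificate")
    return problems

# Constructed sample stores: dummy key and certificate bytes, not a real wallet.
_HEAD, _CERT = "feedfeed" "00000002" "00000001", "0005582e353039" "00000003444552"
SAMPLE_KEYSTORE = bytes.fromhex(_HEAD + "00000001" "00086461746173616665" + "00" * 8 + "000000034b4559" "00000001" + _CERT + "00" * 20)
SAMPLE_TRUSTSTORE = bytes.fromhex(_HEAD + "00000002" "0004726f6f74" + "00" * 8 + _CERT + "00" * 20)
```

The check is structural only: it does not verify the store's integrity hash, decrypt the key, or confirm that the client certificate chains to the signing certificate.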