Oracle Cloud Infrastructure Documentation

TLS Connections to DB Systems with Client Authentication Enabled

To configure a TLS connection to a DB system that has client authentication enabled, you need to upload a JKS wallet during target database registration.

If the SSL_CLIENT_AUTHENTICATION parameter is set to TRUE in the sqlnet.ora file on your target database, then client authentication is enabled. When you upload a JKS wallet during target database registration, you upload two files: a keystore.jks file and a truststore.jks file. The JKS wallet must contain the following items:

  • Signing certificate chain (or root certificate if there is no intermediate signing certificate) that was used to issue the Oracle Data Safe private key and public certificate.
  • Private key for Oracle Data Safe, which is acting as a client to the target database.
  • Public certificate for Oracle Data Safe, which is acting as a client to the target database.

See Create a Self-Signed Certificate for a DB System with Client Authentication Enabled for an example.