Set Up Oracle TNS Configuration

1. On the Key Manager back ends, save the tnsnames.ora and the sqlnet.ora to the /etc/sshmgr/oracle_config directory. Examples of these files are provided in this section.

   note

   All files must be saved in Unix format for the SSL setup to work.

   The tnsnames.ora, which stores the TNS names. Set the values for HOST and PORT as the host name and port for connecting to your Oracle database. Replace instance_name with the name of the Oracle instance that is to be used by Key Manager:

   # tnsnames.ora Network Configuration File
   # /home/oracle/app/oracle/product/11.2.0/client_1/network/admin/tnsnames.ora
   # Generated by Oracle configuration tools.
   
   SSHMGR_SSL_SID =
     (DESCRIPTION =
       (ADDRESS_LIST =
         (ADDRESS = (PROTOCOL = TCPS)(HOST = oracle.example.com)(PORT = 2484))
       )
       (CONNECT_DATA =
         (SERVICE_NAME = instance_name)
       )
       (SECURITY = ( SSL_SERVER_CERT_DN = "CN=oracle.example.com" ) )
     )  

   The sqlnet.ora, which points to the wallet location:

   # sqlnet.ora Network Configuration File
   # /home/oracle/app/oracle/product/11.2.0/client_1/network/admin/sqlnet.ora
   # Generated by Oracle configuration tools.
   
   SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS)
   
   SSL_VERSION = 0
   
   NAMES.DIRECTORY_PATH= (TNSNAMES)
   
   SSL_CLIENT_AUTHENTICATION = TRUE
   
   SQLNET.CRYPTO_SEED = '1234567890'
   
   SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256, RC4_256, 3DES112, 3DES168, AES128,
     RC4_128, RC4_56, AES192, RC4_40, DES40, DES)
   
   WALLET_LOCATION =
     (SOURCE =
       (METHOD = FILE)
       (METHOD_DATA =
         (DIRECTORY = /etc/sshmgr/oracle_config)
       )
     )
   
   SSL_CIPHER_SUITES=
     (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_AES_128_CBC_SHA)
   
   ADR_BASE = /home/oracle/app/oracle 

2. Set the appropriate access rights for the files:

   # chown sshmgr:nginx /etc/sshmgr/oracle_config/*
   # chmod 740 /etc/sshmgr/oracle_config/*