Liquibase Enterprise was formerly known as Datical DB.
SSL Connection to an Oracle Database Through Oracle Wallet
Oracle Wallet is used to store configuration information for secure connections to Oracle databases.
Liquibase Enterprise supports secure connections (SSL) to Oracle databases through Oracle Wallet. This page describes the process:
- Have the correct version of the Oracle JDBC driver installed. The driver supplied with Liquibase Enterprise versions 5.7.5665 (or higher) was updated to support Oracle Wallet.
- Set up required configuration files and environment variables.
Note
Liquibase Enterprise uses Oracle Wallet for certificates only. You specify a user and password for the connection separately when creating the connection to the database in each DbDef.
See Oracle Wallet documentation maintained by Oracle Corporation.
Prerequisite: Oracle Wallet Installed and Configured
These instructions assume that you have done the following:
- Installed Oracle Wallet with your Oracle database and understand its use
- Created certificates and placed them in the Oracle Wallet on the server and the client
- Know the file location of the Oracle Wallet folder on the client
1. Create a Directory for Oracle Wallet Files
Create a directory on the host where you run Liquibase Enterprise to use for the wallet file and Oracle configuration files.
The example places it in the oracle_wallet
directory under the <project>
directory in the default location for Liquibase Enterprise projects. If Oracle is installed on the host, another common location might be $ORACLE_HOME/network/admin
.
Linux
/datical/oracle_wallet
Windows
C:\datical\oracle_wallet
2. Add Configuration Files to the Oracle Wallet Directory
File | Desription |
---|---|
ojdbc.properties | Oracle database driver configuration file. |
cwallet.sso | Oracle wallet file. Copy this file from the Oracle database server. Here is some more information about How To: Generate the cwallet.sso file and Load SSL Certificates from Liquibase Enterprise Knowledge base. |
sqlnet.ora | Profile configuration file for the Oracle database client. Copy this file from the Oracle database server. |
tnsnames.ora | Configuration file that maps net service names to connect descriptors. Copy this file from the Oracle database server. |
2a. Add Wallet Location to ojdbc.properties
Add the following line to the ojdbc.properties
file. The driver uses this property to access the other files.
Linux
oracle.net.wallet_location=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/datical/oracle_wallet)))
Windows
oracle.net.wallet_location=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\\datical\\oracle_wallet)))
2b. Add Service Name to tnsnames.ora
Add the following section to tnsnames.ora
. Substitute values for these tokens:
<oracledb-hostname>
- the host name of the machine (or VM or AWS instance) where Oracle is running<oracledb-port>
- the port configured to use SSL by the listener on the database server. Default is 2484.<oracledb-servicename>
- the host name of the machine (or VM or AWS instance) where the Oracle database server is running. If using a SID to connect, specify it instead.
In the following example, the section is named ORA_AWS
. You may name it as you wish. Use this name for the TNS Alias setting in Liquibase Enterprise projects.
ORA_AWS = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS) (HOST = <oracledb-hostname>) (PORT = <oracledb-port>) ) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = <oracledb-servicename>) ) )
3. Set TNS_ADMIN to Point to the Configuration Files Directory
On the host where Liquibase Enterprise is running, set the TNS_ADMIN environment variable to the directory containing the configuration files.
set TNS_ADMIN = /datical/oracle_wallet/
4. Set Up Liquibase Enterprise Projects to Use Oracle Wallet
When you create a DbDef in a project and choose Oracle as the database type, you set the following property:
- Connection Type - Choose TNSNAMES/LDAP
- TNS Alias - Specifies the service name in
tnsnames.ora
that contains configuration information for the connection.
See also Oracle Database Step Settings in Configuring Step Settings (DbDefs).
5. Test the Configuration
Note
Before running Oracle Wallet with Liquibase Enterprise, please run the OraConnect.groovy test script to verify that your environment is setup correctly.
- The command and it's usage can be found here: Testing Oracle Connections
Copyright © Liquibase 2012-2022 - Proprietary and Confidential