8-10 Oracle Fusion Middleware Application Security Guide On the host where the client is running, start Oracle Wallet Manager and using this tool proceed as follows: 1. Create a wallet and import the DB server trusted CA certificate created in the first procedure in section Configuring SSL on an Oracle DB Server . 2. To establish two-way SSL: 1. Create a certificate request. 2. Sign the certificate with the CA certificate. 3. Import the certificate into wallet. This certificate is used as the client certificate when connecting to DB server over a two-way SSL.

3. Check the check box Auto Login under the menu Wallet.

4. Save the wallet. If connecting to the server with sqlplus, use Oracle Net Manager to create a TNS service by navigating to Oracle Net Configuration Configure SSL for Client Service Naming .

8.3.3.2.2 Connecting to a DB Server with JDBC Thin Driver In this scenario, proceed as

follows: 1. Set your JDBC URL with following SSL-specific settings: ■ PROTOCOL=TCPS. ■ SECURITY with correct SSL SERVER_CERT_CN value. The following snippet illustrates this setting: jdbc:oracle:thin:DESCRIPTION=ADDRESS_LIST=ADDRESS=PROTOCOL=TCPSHOST=mySe rver.us.oracle.comPORT=2484CONNECT_DATA=SERVICE_NAME=orcl.us.oracle.com SECURITY=SSL_SERVER_CERT_DN=CN=dbserver,OU=OPSS,O=Oracle,ST=Beijing,C=CN 2. Set the following system properties with the appropriate values: oracle.net.ssl_server_dn_match javax.net.ssl.trustStore javax.net.ssl.trustStoreType javax.net.ssl.trustStorePassword javax.net.ssl.keystore javax.net.ssl.keyStoreType javax.net.ssl.keyStorePassword For a Java SE application, set the above properties using the -D option when starting a JVM. Important: If for this TNS service you set Match server X.509 name to Yes, then the value of SSL_SERVER_CERT_DN must be the same as the value of DN set in the DB server certificate, as illustrated below where CN=dbserver,OU=OPSS,O=Oracle,ST=Beijing,C=CN is the DB server certificate DN: SECURITY= SSL_SERVER_CERT_DN=CN=dbserver,OU=OPSS,O=Oracle,ST=Beijing,C=CN