SSL/TLS Support in Direct Mode
dotConnect for Oracle supports connections using SSL in the Direct mode (as well as in the OCI mode). It offers 4 ways to provide SSL certificates to the server (four kinds of certificate sources).
- Loading certificates from Oracle Wallet that is stored in a file. To use a certificate from Oracle Wallet that is stored in a file in the Direct mode, specify its location via the DirectUtils class properties:
DirectUtils.WalletMethod = WalletMethod.File;
DirectUtils.WalletLocation = "C:\\oracle\\admin\\wallet\\";
DirectUtils.WalletMethod = WalletMethod.File
DirectUtils.WalletLocation = "C:\oracle\admin\wallet\"
- Loading certificates from Oracle Wallet that is stored in the registry. As in the previous case, you may specify its location via the DirectUtils class properties. For the WalletLocation property, you may use the "DEFAULT" keyword, which means to look in the default Oracle Wallet location, or specify a custom registry key:
DirectUtils.WalletMethod = WalletMethod.Registry;
DirectUtils.WalletLocation = "DEFAULT";
DirectUtils.WalletMethod = WalletMethod.Registry
DirectUtils.WalletLocation = "DEFAULT"
- The third way is using Microsoft Certificate Storage.
using System.Security.Cryptography.X509Certificates;
// Add the client certificate to the current user's personal ("My") store.
X509Certificate2 certificate = new X509Certificate2("D:\\Projects\\_OracleSSL\\wallet\\ClientSSL.cert");
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Add(certificate);
store.Close();
DirectUtils.WalletMethod = WalletMethod.MCS;
Imports System.Security.Cryptography.X509Certificates
' Add the client certificate to the current user's personal ("My") store.
Dim certificate As X509Certificate2 = New X509Certificate2("D:\Projects\_OracleSSL\wallet\ClientSSL.cert")
Dim store As X509Store = New X509Store(StoreName.My, StoreLocation.CurrentUser)
store.Open(OpenFlags.ReadWrite)
store.Add(certificate)
store.Close()
DirectUtils.WalletMethod = WalletMethod.MCS
- And finally, you may simply pass a certificate as the SSL Cert connection string parameter. You need to provide the certificate as a base64 encoded string. Note that in this case you don't need to set anything via the DirectUtils class. Specifying the SSL Cert connection string parameter overrides any SSL-related DirectUtils class settings.
If you specify the certificate location via the DirectUtils class, you can specify the Server connection string parameter in such a way that OracleConnection knows that SSL must be used. This can be done in two ways: either specify the Server as a TNS descriptor that includes the PROTOCOL parameter set to tcps, or use our shortened form, which also includes the protocol.
Note that Oracle Wallet, specified via the DirectUtils class, is used globally, for all the application connections. If you want to use different wallets for different connections, you may use the SSL Wallet Path connection string parameter. If specified, this parameter overrides the DirectUtils.WalletLocation settings.
As an alternative to specifying SSL-related parameters in the connection string, you may also use our SslOptions class and the SslOptions property of OracleConnection.
Here is an example of specifying the same Oracle Server in both ways:
// Specifying a TNS descriptor:
connection.ConnectionString = "Direct=True;Server=(DESCRIPTION=" +
"(ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcps)(HOST=OracleSSL)(PORT=2484)))" +
"(CONNECT_DATA=(SERVICE_NAME=orcl))(SECURITY=(SSL_SERVER_CERT_DN=\"C=UA,O=Devart,OU=DevartSSL,CN=TestSSL\")));" +
"User ID=scott;Password=tiger;" +
"SSL Cert=MIIB+zCCAWQCAQAwDQYJKoZIhvcNAQEEBQAwRjESMBAGA1UEAxMJQ2xpZW50U1NMMRIwEAYDVQQLEwlEZXZhcnRTU0wxDzANB" +
"gNVBAoTBkRldmFydDELMAkGA1UEBhMCVUEwHhcNMTkxMjI0MTM1MTAwWhcNMjkxMjIxMTM1MTAwWjBGMRIwEAYDVQQDEwlDbGllbnRTU0wx" +
"EjAQBgNVBAsTCURldmFydFNTTDEPMA0GA1UEChMGRGV2YXJ0MQswCQYDVQQGEwJVQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5DQ" +
"PPPYPVEsnuzhBfzdy0Y1rpNR5Ev6bK+YpajfdEKr42dno3x/dvQpRuno9ZUHfHTwQsLV+hXxsa/L1jfV45sqQW18DmXevllvgfik6DbeOMd" +
"0xsHsxDPM3rNv2fJ8aSJKQd4kLE8oSkvjBViwtHaOx0bJbShrm5G5lndoHqc8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQAEvH+cBRDM7n7MA" +
"mQlkbtA1WxkV3aBTdwXXf0FecJRRTXHJOlhJsBmmejtvfy1YpugssHDXY+aQM8bH4HD/6NHORV+CX4tUmxRwPaCljxHNvlVZnwUoScZoWLy" +
"U/75txaWocHgzj6XQ3WlA/Kge/o1cpv9RxomXAoeIP+TcnUlfg==;" +
"SSL Key=MIICXAIBAAKBgQDkNA889g9USye7OEF/N3LRjWuk1HkS/psr5ilqN90QqvjZ2ejfH929ClG6ej1lQd8dPBCwtX6FfGxr8vWN9Xj" +
"mypBbXwOZd6+WW+B+KToNt44x3TGwezEM8zes2/Z8nxpIkpB3iQsTyhKS+MFWLC0do7HRsltKGubkbmWd2gepzwIDAQABAoGAQOYFR2L67R" +
"AKlpXjGpjcUHgVmuTKIfrCinOEZ67HccwNxXbRYVMgrnhW0d+dwkQ/fYLthDO5baD6/KA18U9UOFTPVN5yKE2Hsf5mwN07U5d2/ZbslK42o" +
"iLaFHAKx2lJkb7HbdtnmlQMTXM8vwzl12ydIVX0rMFYGVRCqT0a1yECQQD+WhHZ5IS04+TRUSzMVGahHY3rgFVrCk6Qv0AMlzBaXeIEewGt" +
"QrjXFAuvV80Ztb+fed2cVOfbwsUb6so/CD1pAkEA5a6dD8eamk3GK6NapfBv+G8Wanq4yEwZX/e08lNpHKSDq1L1a9jCTIpOe8p5zaPIdZw" +
"48LgxNglbSTHfAlBudwJAJ7EAhiMd/mhtxahIOF6XYV8OTYjKS5jhJ79gjFZvijqKUa6sVVBLLe0H4cXu0KtHCujmh0XMpMOhJLkf9HQhuQ" +
"JAeBQlKvXI/zkADRp3LuAYOgMh7gNBDf6zGXgwkqxG/OGJsQ1LH9oQIuIADDocGgWxrMNDBZ7Wo5CauBapp9UTGwJBAJxdxA1JjFPIjqTfc" +
"i5kgG2lg0kdgACobQbBICuHx+mIgxvw48vPYDUjUetVGKgeYg+sD6O3uyL0XYK/uDP+lz4=";
// Specifying a shortened form:
connection.ConnectionString = "Direct=True;Server=tcps://OracleSSL:2484/orcl;User ID=scott;Password=tiger;" +
"SSL ServerCertDN=\"C=UA,O=Devart,OU=DevartSSL,CN=TestSSL\";" +
"SSL Cert=MIIB+zCCAWQCAQAwDQYJKoZIhvcNAQEEBQAwRjESMBAGA1UEAxMJQ2xpZW50U1NMMRIwEAYDVQQLEwlEZXZhcnRTU0wxDzANB" +
"gNVBAoTBkRldmFydDELMAkGA1UEBhMCVUEwHhcNMTkxMjI0MTM1MTAwWhcNMjkxMjIxMTM1MTAwWjBGMRIwEAYDVQQDEwlDbGllbnRTU0wx" +
"EjAQBgNVBAsTCURldmFydFNTTDEPMA0GA1UEChMGRGV2YXJ0MQswCQYDVQQGEwJVQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5DQ" +
"PPPYPVEsnuzhBfzdy0Y1rpNR5Ev6bK+YpajfdEKr42dno3x/dvQpRuno9ZUHfHTwQsLV+hXxsa/L1jfV45sqQW18DmXevllvgfik6DbeOMd" +
"0xsHsxDPM3rNv2fJ8aSJKQd4kLE8oSkvjBViwtHaOx0bJbShrm5G5lndoHqc8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQAEvH+cBRDM7n7MA" +
"mQlkbtA1WxkV3aBTdwXXf0FecJRRTXHJOlhJsBmmejtvfy1YpugssHDXY+aQM8bH4HD/6NHORV+CX4tUmxRwPaCljxHNvlVZnwUoScZoWLy" +
"U/75txaWocHgzj6XQ3WlA/Kge/o1cpv9RxomXAoeIP+TcnUlfg==;" +
"SSL Key=MIICXAIBAAKBgQDkNA889g9USye7OEF/N3LRjWuk1HkS/psr5ilqN90QqvjZ2ejfH929ClG6ej1lQd8dPBCwtX6FfGxr8vWN9Xj" +
"mypBbXwOZd6+WW+B+KToNt44x3TGwezEM8zes2/Z8nxpIkpB3iQsTyhKS+MFWLC0do7HRsltKGubkbmWd2gepzwIDAQABAoGAQOYFR2L67R" +
"AKlpXjGpjcUHgVmuTKIfrCinOEZ67HccwNxXbRYVMgrnhW0d+dwkQ/fYLthDO5baD6/KA18U9UOFTPVN5yKE2Hsf5mwN07U5d2/ZbslK42o" +
"iLaFHAKx2lJkb7HbdtnmlQMTXM8vwzl12ydIVX0rMFYGVRCqT0a1yECQQD+WhHZ5IS04+TRUSzMVGahHY3rgFVrCk6Qv0AMlzBaXeIEewGt" +
"QrjXFAuvV80Ztb+fed2cVOfbwsUb6so/CD1pAkEA5a6dD8eamk3GK6NapfBv+G8Wanq4yEwZX/e08lNpHKSDq1L1a9jCTIpOe8p5zaPIdZw" +
"48LgxNglbSTHfAlBudwJAJ7EAhiMd/mhtxahIOF6XYV8OTYjKS5jhJ79gjFZvijqKUa6sVVBLLe0H4cXu0KtHCujmh0XMpMOhJLkf9HQhuQ" +
"JAeBQlKvXI/zkADRp3LuAYOgMh7gNBDf6zGXgwkqxG/OGJsQ1LH9oQIuIADDocGgWxrMNDBZ7Wo5CauBapp9UTGwJBAJxdxA1JjFPIjqTfc" +
"i5kgG2lg0kdgACobQbBICuHx+mIgxvw48vPYDUjUetVGKgeYg+sD6O3uyL0XYK/uDP+lz4=";
' Specifying a TNS descriptor:
connection.ConnectionString = "Direct=True;Server=(DESCRIPTION=" & _
"(ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcps)(HOST=OracleSSL)(PORT=2484)))" & _
"(CONNECT_DATA=(SERVICE_NAME=orcl))(SECURITY=(SSL_SERVER_CERT_DN=""C=UA,O=Devart,OU=DevartSSL,CN=TestSSL"")));" & _
"User ID=scott;Password=tiger;" & _
"SSL Cert=MIIB+zCCAWQCAQAwDQYJKoZIhvcNAQEEBQAwRjESMBAGA1UEAxMJQ2xpZW50U1NMMRIwEAYDVQQLEwlEZXZhcnRTU0wxDzANB" & _
"gNVBAoTBkRldmFydDELMAkGA1UEBhMCVUEwHhcNMTkxMjI0MTM1MTAwWhcNMjkxMjIxMTM1MTAwWjBGMRIwEAYDVQQDEwlDbGllbnRTU0wx" & _
"EjAQBgNVBAsTCURldmFydFNTTDEPMA0GA1UEChMGRGV2YXJ0MQswCQYDVQQGEwJVQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5DQ" & _
"PPPYPVEsnuzhBfzdy0Y1rpNR5Ev6bK+YpajfdEKr42dno3x/dvQpRuno9ZUHfHTwQsLV+hXxsa/L1jfV45sqQW18DmXevllvgfik6DbeOMd" & _
"0xsHsxDPM3rNv2fJ8aSJKQd4kLE8oSkvjBViwtHaOx0bJbShrm5G5lndoHqc8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQAEvH+cBRDM7n7MA" & _
"mQlkbtA1WxkV3aBTdwXXf0FecJRRTXHJOlhJsBmmejtvfy1YpugssHDXY+aQM8bH4HD/6NHORV+CX4tUmxRwPaCljxHNvlVZnwUoScZoWLy" & _
"U/75txaWocHgzj6XQ3WlA/Kge/o1cpv9RxomXAoeIP+TcnUlfg==;" & _
"SSL Key=MIICXAIBAAKBgQDkNA889g9USye7OEF/N3LRjWuk1HkS/psr5ilqN90QqvjZ2ejfH929ClG6ej1lQd8dPBCwtX6FfGxr8vWN9Xj" & _
"mypBbXwOZd6+WW+B+KToNt44x3TGwezEM8zes2/Z8nxpIkpB3iQsTyhKS+MFWLC0do7HRsltKGubkbmWd2gepzwIDAQABAoGAQOYFR2L67R" & _
"AKlpXjGpjcUHgVmuTKIfrCinOEZ67HccwNxXbRYVMgrnhW0d+dwkQ/fYLthDO5baD6/KA18U9UOFTPVN5yKE2Hsf5mwN07U5d2/ZbslK42o" & _
"iLaFHAKx2lJkb7HbdtnmlQMTXM8vwzl12ydIVX0rMFYGVRCqT0a1yECQQD+WhHZ5IS04+TRUSzMVGahHY3rgFVrCk6Qv0AMlzBaXeIEewGt" & _
"QrjXFAuvV80Ztb+fed2cVOfbwsUb6so/CD1pAkEA5a6dD8eamk3GK6NapfBv+G8Wanq4yEwZX/e08lNpHKSDq1L1a9jCTIpOe8p5zaPIdZw" & _
"48LgxNglbSTHfAlBudwJAJ7EAhiMd/mhtxahIOF6XYV8OTYjKS5jhJ79gjFZvijqKUa6sVVBLLe0H4cXu0KtHCujmh0XMpMOhJLkf9HQhuQ" & _
"JAeBQlKvXI/zkADRp3LuAYOgMh7gNBDf6zGXgwkqxG/OGJsQ1LH9oQIuIADDocGgWxrMNDBZ7Wo5CauBapp9UTGwJBAJxdxA1JjFPIjqTfc" & _
"i5kgG2lg0kdgACobQbBICuHx+mIgxvw48vPYDUjUetVGKgeYg+sD6O3uyL0XYK/uDP+lz4="
' Specifying a shortened form:
connection.ConnectionString = "Direct=True;Server=tcps://OracleSSL:2484/orcl;User ID=scott;Password=tiger;" & _
"SSL ServerCertDN=""C=UA,O=Devart,OU=DevartSSL,CN=TestSSL"";" & _
"SSL Cert=MIIB+zCCAWQCAQAwDQYJKoZIhvcNAQEEBQAwRjESMBAGA1UEAxMJQ2xpZW50U1NMMRIwEAYDVQQLEwlEZXZhcnRTU0wxDzANB" & _
"gNVBAoTBkRldmFydDELMAkGA1UEBhMCVUEwHhcNMTkxMjI0MTM1MTAwWhcNMjkxMjIxMTM1MTAwWjBGMRIwEAYDVQQDEwlDbGllbnRTU0wx" & _
"EjAQBgNVBAsTCURldmFydFNTTDEPMA0GA1UEChMGRGV2YXJ0MQswCQYDVQQGEwJVQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5DQ" & _
"PPPYPVEsnuzhBfzdy0Y1rpNR5Ev6bK+YpajfdEKr42dno3x/dvQpRuno9ZUHfHTwQsLV+hXxsa/L1jfV45sqQW18DmXevllvgfik6DbeOMd" & _
"0xsHsxDPM3rNv2fJ8aSJKQd4kLE8oSkvjBViwtHaOx0bJbShrm5G5lndoHqc8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQAEvH+cBRDM7n7MA" & _
"mQlkbtA1WxkV3aBTdwXXf0FecJRRTXHJOlhJsBmmejtvfy1YpugssHDXY+aQM8bH4HD/6NHORV+CX4tUmxRwPaCljxHNvlVZnwUoScZoWLy" & _
"U/75txaWocHgzj6XQ3WlA/Kge/o1cpv9RxomXAoeIP+TcnUlfg==;" & _
"SSL Key=MIICXAIBAAKBgQDkNA889g9USye7OEF/N3LRjWuk1HkS/psr5ilqN90QqvjZ2ejfH929ClG6ej1lQd8dPBCwtX6FfGxr8vWN9Xj" & _
"mypBbXwOZd6+WW+B+KToNt44x3TGwezEM8zes2/Z8nxpIkpB3iQsTyhKS+MFWLC0do7HRsltKGubkbmWd2gepzwIDAQABAoGAQOYFR2L67R" & _
"AKlpXjGpjcUHgVmuTKIfrCinOEZ67HccwNxXbRYVMgrnhW0d+dwkQ/fYLthDO5baD6/KA18U9UOFTPVN5yKE2Hsf5mwN07U5d2/ZbslK42o" & _
"iLaFHAKx2lJkb7HbdtnmlQMTXM8vwzl12ydIVX0rMFYGVRCqT0a1yECQQD+WhHZ5IS04+TRUSzMVGahHY3rgFVrCk6Qv0AMlzBaXeIEewGt" & _
"QrjXFAuvV80Ztb+fed2cVOfbwsUb6so/CD1pAkEA5a6dD8eamk3GK6NapfBv+G8Wanq4yEwZX/e08lNpHKSDq1L1a9jCTIpOe8p5zaPIdZw" & _
"48LgxNglbSTHfAlBudwJAJ7EAhiMd/mhtxahIOF6XYV8OTYjKS5jhJ79gjFZvijqKUa6sVVBLLe0H4cXu0KtHCujmh0XMpMOhJLkf9HQhuQ" & _
"JAeBQlKvXI/zkADRp3LuAYOgMh7gNBDf6zGXgwkqxG/OGJsQ1LH9oQIuIADDocGgWxrMNDBZ7Wo5CauBapp9UTGwJBAJxdxA1JjFPIjqTfc" & _
"i5kgG2lg0kdgACobQbBICuHx+mIgxvw48vPYDUjUetVGKgeYg+sD6O3uyL0XYK/uDP+lz4="
In the latter case we provide the server URL starting with the protocol, then followed by the host name and port, and finally, by the service name. If you want to also specify SSL_SERVER_CERT_DN in order to perform a check of the server's certificate, you may use the SSL ServerCertDN connection string parameter.
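The samples above embed the client private key and the password in source code. The following added example (not Devart's code) builds the same shortened-form connection string from PEM files and an environment variable instead. The file paths, the ORA_PASSWORD variable and the helper names are hypothetical, and it assumes, based on the sample values above, that SSL Cert and SSL Key take the base64 body of a PEM file.

```csharp
// Added example, not Devart's code. File paths, the ORA_PASSWORD variable
// and the helper names are hypothetical.
using System;
using System.IO;
using System.Linq;

static class SslConnectionString
{
    // Returns the base64 body of a PEM file with the "-----BEGIN/END-----"
    // lines removed, after checking that it decodes to DER (ASN.1 SEQUENCE, 0x30).
    public static string PemBody(string path)
    {
        string body = string.Concat(File.ReadLines(path)
            .Select(line => line.Trim())
            .Where(line => line.Length > 0 &&
                           !line.StartsWith("-----", StringComparison.Ordinal)));
        byte[] der = Convert.FromBase64String(body); // FormatException on non-base64 input
        if (der.Length == 0 || der[0] != 0x30)
            throw new InvalidDataException(path + " does not contain DER-encoded data.");
        return body;
    }

    public static string Build(string certPath, string keyPath)
    {
        string password = Environment.GetEnvironmentVariable("ORA_PASSWORD")
            ?? throw new InvalidOperationException("ORA_PASSWORD is not set.");
        // Conservative check: a ';' would start a new connection string parameter.
        if (password.IndexOf(';') >= 0)
            throw new ArgumentException("Password must not contain ';'.");

        // Parameter names and server values are the ones used in the samples above.
        return string.Join(";",
            "Direct=True",
            "Server=tcps://OracleSSL:2484/orcl",
            "User ID=scott",
            "Password=" + password,
            "SSL ServerCertDN=\"C=UA,O=Devart,OU=DevartSSL,CN=TestSSL\"",
            "SSL Cert=" + PemBody(certPath),
            "SSL Key=" + PemBody(keyPath));
    }
}
```

Assign the result of Build to connection.ConnectionString, and keep the key file readable only by the account the application runs under.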