Connect to Oracle using SSL

SSL (Secure Sockets Layer) is a standard protocol that secures communication between a client and a server over untrusted networks. It operates on top of TCP/IP and uses public-key cryptography to authenticate both parties and encrypt data transmission.

During server authentication, the SSL-enabled client verifies the server’s identity by checking that its certificate is issued by a trusted Certificate Authority and that it owns the corresponding public key.

Client authentication allows the server to verify the client’s identity. While self-signed certificates can be used for mutual authentication, they are generally recommended only for intranet or development environments.

After the SSL connection is established, both parties exchange data using symmetric encryption with a shared secret key. Compared to SSH, SSL is often preferred for Oracle connections due to its simpler configuration and better performance.

Connection methods

You can establish a secure SSL connection to an Oracle database using one of the following methods, depending on how your credentials are stored and managed: in a secure wallet file, in the Windows Registry, or as individual SSL certificates and a private key.

Connect using a wallet file

An Oracle wallet is a secure container that stores authentication credentials, including the certificates and keys required for SSL.

To connect using a wallet file:

1. In the ODBC Data Source Administrator, select your DSN and click Configure.

2. Select the Security Settings tab.

3. In Wallet Path, specify the full path to the wallet file.

The Security Settings tab in the ODBC Data Source Administrator with the filled Wallet Path field

For instructions on creating an Oracle wallet, see Using Oracle Wallet Manager. If you’re using Oracle Cloud, see Download Database Connection Information for guidance on obtaining a wallet.

Connect using a wallet stored in the Windows Registry

You can also store the Oracle wallet in the Windows Registry.

To connect using a registry-stored wallet:

1. In the ODBC Data Source Administrator, select your DSN and click Configure.

2. Select the Security Settings tab.

3. In Wallet Registry, specify the registry key.

The Security Settings tab in the ODBC Data Source Administrator with the filled Wallet Registry field

For more information, see Storing Oracle Wallets in the Windows Registry.

Connect using SSL certificates and a key

To connect using individual certificate and key files:

1. In the ODBC Data Source Administrator, select your DSN and click Configure.

2. Select the Security Settings tab.

3. Specify the full path to the files in the corresponding fields:

CA Certificate – The certificate of the Certificate Authority.
Certificate – The client’s certificate.
Key – The client’s private key.

The Security Settings tab in the ODBC Data Source Administrator with the filled CA Certificate, Certificate, and Key fields

SSL connection options

Option	Description
`Use SSL`	Enables SSL connections.
`Wallet Path`	The full path to the wallet file.
`Wallet Registry`	The registry key where the wallet is stored.
`CA Certificate`	The full path to the Certificate Authority certificate file.
`Certificate`	The full path to the client certificate file.
`Key`	The full path to the private client key file.
`Key Password`	The password for the private client key. Leave empty if the key isn’t encrypted.
`Server Certificate DN`	The server’s Distinguished Name (DN) used for server DN matching. The identity of the server is verified by comparing the DN from the server certificate with the server’s global database name.
`Ignore Server Certificate Validity`	If `True`, skips checking the validity period of the server certificate during the SSL handshake. The default value is `True`.
`Ignore Server Certificate Constraints`	If `True`, skips checking the server certificate for compliance with constraints. The default value is `True`.
`Trust Server Certificate`	If `True`, skips validating the certificate chain and trusts the server certificate. The default value is `False`.
`Ignore Server Certificate Insecurity`	If `True`, skips verifying the security of the server certificate’s signature. The default value is `False`.

Sample connection strings

Connection using an Oracle wallet (path)

DRIVER={Devart ODBC Driver for Oracle};Direct=True;Host=tcps://myHost;Service Name=myServiceName;User ID=myUsername;Password=myPassword;Use SSL=True;Wallet Path=C:\\Wallet\\cwallet.sso

Connection using an Oracle wallet (registry)

DRIVER={Devart ODBC Driver for Oracle};Direct=True;Host=tcps://myHost;Service Name=myServiceName;User ID=myUsername;Password=myPassword;Use SSL=True;Wallet Registry=\\\\HKEY\_CURRENT\_USER\\Software\\Oracle\\Wallets\\Key1\\myWallet.sso

Connection using SSL certificates and a key

DRIVER={Devart ODBC Driver for Oracle};Direct=True;Host=tcps://myHost;Service Name=myServiceName;User ID=myUsername;Password=myPassword;Use SSL=True;SSL CA Cert=C:\\myCaCertificate.pem;SSL Cert=C:\\myClientCertificate.pem;SSL Key=C:\\myPrivateClient\\myKey.pem