|
SSL Connection to Oracle with ODBC Driver |
|
|
|
SSL Connection to Oracle with ODBC Driver |
|
SSL (Secure Sockets Layer) is a standard protocol for secure access to a remote machine over untrusted networks. It runs on top of TCP/IP to secure client-server communications by allowing an SSL-enabled client to authenticate itself to an SSL-enabled server and vice versa. During server authentication, an SSL-enabled client application uses standard techniques of public-key cryptography to verify the server's identity by checking that the server's certificate is issued by a trusted certificate authority (CA) and proves the ownership of the public key.
Conversely, SSL client authentication allows the server to validate the client's identity. The client and server can also authenticate each other using self-signed certificates, however, you will almost never want to use a self-signed certificate, except for an Intranet or a development server. After establishing an SSL connection, the client and server can exchange messages that are symmetrically encrypted with the shared secret key. SSL is the recommended method to establish a secure connection to Oracle due to easier configuration and higher performance, compared to SSH.
A wallet is container for storing authentication and signing credentials, including keys and certificates needed by SSL. To establish an SSL connection to Oracle Database using a wallet file, specify the path to the wallet in the Wallet Path field. See the Oracle documentation for information on creating an Oracle wallet. If you are using Oracle Cloud, see this document for information on obtaining a wallet.
To establish an SSL connection to Oracle Database using a wallet that is stored in the Windows registry, specify the registry key in the Wallet Path field. See this document for information on storing a wallet in the registry.
CA Certificate, Certificate, and Key fields, respectively.
|
Option |
Description |
|---|---|
|
|
Enables SSL connections. |
Wallet Path
|
The directory where the wallet is stored. |
Wallet Registry
|
The registry key where the wallet is stored. |
|
|
The CA certificate. |
|
|
The client certificate. |
|
|
The private client key. |
|
|
The server's distinguished name (DN) to enable server DN matching. It checks whether the server is genuine by matching the server's global database name against the DN from the server certificate. |
|
|
Specifies whether to check the server certificate validity period during an SSL handshake. The default value is |
|
|
Specifies whether to verify the server certificate for compliance with constraints during an SSL handshake. The default value is |
|
|
Specifies whether to verify the server certificate during an SSL handshake. By default, the driver verifies the server certificate. When the option is set to |
|
|
Specifes whether to check the server certificate signature security during an SSL handshake. The default value is |
|
DRIVER={Devart ODBC Driver for Oracle};Direct=True;Host=tcps://myHost;Service Name=myServiceName;User ID=myUsername;Password=myPassword;Use SSL=True;Wallet Path=myWallet.sso |
|
DRIVER={Devart ODBC Driver for Oracle};Direct=True;Host=tcps://myHost;Service Name=myServiceName;User ID=myUsername;Password=myPassword;Use SSL=True;Wallet Registry=\\HKEY_CURRENT_USER\Software\Oracle\Wallets\Key1\myWallet.sso |
|
DRIVER={Devart ODBC Driver for Oracle};Direct=True;Host=tcps://myHost;Service Name=myServiceName;User ID=myUsername;Password=myPassword;Use SSL=True;SSL CA Cert=C:\myCaCertificate.pem;SSL Cert=C:\myClientCertificate.pem;SSL Key=C:\myPrivateClient\myKey.pem |