Friday, July 5, 2024

Oracle Cloud Autonomous Database File Not Found for TLS Connection


The Attempt:

I created an Autonomous Database on Oracle Cloud.  I used TLS (protocol=tcps) to successfully connect from a Windows SQL*Plus Instant Client to the database on Oracle Cloud.  However, I was unable to connect from an Ubuntu (Gnome) SQL*Plus Instant Client to the database on Oracle Cloud.


The Error:

Each connection attempt from Ubuntu SQL*Plus Instant Client to the Autonomous Database on Oracle Cloud threw a "file not found" error.


Troubleshooting:

I ran a "trace" in "sqlnet.ora" and found many "file not found" errors, all of which seemed to be related to Wallet, SSL, and Certificate Store.  In the trace file, I found SQL*Net was looking for the Certificate Store in "/etc/pki/tls/cert.pem".


The Solution:

I did not configure a wallet.  TLS uses CA Certificates instead of PKI certificates.

I found a single file (PEM bundle) in "/etc/ssl/certs/ca-certificates.crt".  This was confirmed at Ubuntu's Website: Ubuntu root CA certificate trust store location

I could not find a configuration in SQL*Net to change the location of the Certificate Store from "/etc/pki/tls/cert.pem" to "/etc/ssl/certs/ca-certificates.crt".

I did find moscicki at GitHub had a Symbolic Link that I was missing.  After I created the symbolic link, I was able to make the TLS connection from Oracle Instant Client for Linux x86-64 Version 23.4.0.0.0 to an Autonomous Database on Oracle Cloud without a wallet.

Run these as root in Ubuntu:

mkdir -p /etc/pki/tls
ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/cert.pem
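An idempotent form of the same fix, added here as an example and not part of the original post: it checks that the Ubuntu bundle really contains PEM certificates and refuses to replace anything already sitting at the target path. The function name `link_ca_bundle` and its optional root-prefix argument are assumptions made so it can be tried in a scratch directory first.

```shell
#!/bin/sh
# Added example (not from the original post): safe, repeatable version of the
# symlink fix. link_ca_bundle and its root-prefix argument are hypothetical.

link_ca_bundle() {
    root="${1:-}"                                   # "" means the real filesystem
    src="$root/etc/ssl/certs/ca-certificates.crt"   # Ubuntu trust bundle (from the post)
    dst="$root/etc/pki/tls/cert.pem"                # path SQL*Net looked for (from the post)

    # The bundle must be readable and hold at least one PEM certificate,
    # otherwise the link would point the client at an empty trust store.
    if [ ! -r "$src" ]; then
        echo "missing CA bundle: $src" >&2; return 1
    fi
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$src"; then
        echo "no PEM certificates in $src" >&2; return 1
    fi

    # Already linked to the right bundle: nothing to do.
    if [ -L "$dst" ] && [ "$(readlink "$dst")" = "$src" ]; then
        return 0
    fi

    # Never replace a real file, or a link that points somewhere else;
    # that would silently change which CAs the client trusts.
    if [ -e "$dst" ] || [ -L "$dst" ]; then
        echo "refusing to overwrite existing $dst" >&2; return 2
    fi

    mkdir -p "$(dirname "$dst")" && ln -s "$src" "$dst"
}

# On the real system, run as root with no argument:  link_ca_bundle
```

Return code 1 means the source bundle is missing or empty, and 2 means something already occupies "/etc/pki/tls/cert.pem" and should be inspected by hand.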
