The Attempt:
I created an Autonomous Database on Oracle Cloud. I used TLS (protocol=tcps) to successfully connect from a Windows SQL*Plus Instant Client to the database on Oracle Cloud. However, I was unable to connect from an Ubuntu (Gnome) SQL*Plus Instant Client to the database on Oracle Cloud.
The Error:
Each connection attempt from Ubuntu SQL*Plus Instant Client to the Autonomous Database on Oracle Cloud threw a "file not found" error.
Troubleshooting:
I ran a "trace" in "sqlnet.ora" and found many "file not found" errors, all seemed to be related to Wallet, SSL, and Certificate Store. In the trace file, I found SQL*Net was looking for the Certificate Store in "/etc/pki/tls/cert.pem".
The Solution:
I did not configure a wallet. TLS uses CA Certificates instead of PKI certificates.
I found a single file (PEM bundle) in "/etc/ssl/certs/ca-certificates.crt". This was confirmed at Ubuntu's Website: Ubuntu root CA certificate trust store location
I could not find a configuration in SQL*Net to change the location of the Certificate Store from "/etc/pki/tls/cert.pem" to "/etc/ssl/certs/ca-certficiates.crt".
I did find moscicki at GitHub had a Symbolic Link that I was missing. After I created the symbolic link, I was able to make the TLS connection from Oracle Instant Client for Linux x86-64 Version 23.4.0.0.0 to an Autonomous Database on Oracle Cloud without a wallet.
Run these as root in Ubuntu:
mkdir /etc/pki/tls
ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/cert.pem
No comments:
Post a Comment