I need to have a port open with SSL configured. I have successfully done it on Enterprise Edition of 12c and 11g, but I have problem with doing it with this image. I think it may be a useful general improvement.
Parameters (in form of environment variables):
port for TCPS
wallet files (if none provided, use pre-generated wallet with self-signed certificate)
I already started working on it:
XE 11g license allows using SSL, but it does not provide orapki to generate necessary wallet
I have used another instance to create a wallet and then moved it to this one on startup
I have modified listener.ora, tnsnames.ora and sqlnet.ora to setup connector on desired port and link wallet
Sadly, for some reasons unbeknown to me I can't get it working - I'm seeing this kind of error in trace files:
ntzlogin:Wallet open failed with error 29106
Looks like for some reason this database can't read my generated wallet.
If you want, I can share my work and elaborate about what I learned about SSL in Oracle. The biggest problem is that I am not an Oracle expert so I don't have enough knowledge to debug and fix issues I stumbled upon, so I am both willing to contribute and looking for help.
@wnameless Do you think it is possible to add this kind of feature?
I need to have a port open with SSL configured. I have successfully done it on Enterprise Edition of 12c and 11g, but I have problem with doing it with this image. I think it may be a useful general improvement. Parameters (in form of environment variables):
I already started working on it:
Sadly, for some reasons unbeknown to me I can't get it working - I'm seeing this kind of error in trace files: ntzlogin:Wallet open failed with error 29106 Looks like for some reason this database can't read my generated wallet.
If you want, I can share my work and elaborate about what I learned about SSL in Oracle. The biggest problem is that I am not an Oracle expert so I don't have enough knowledge to debug and fix issues I stumbled upon, so I am both willing to contribute and looking for help.
@wnameless Do you think it is possible to add this kind of feature?