Oracle Database B10772-01 User Manual Page 199
- Page / 518
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
Troubleshooting SSL
Conļ¬guring Secure Sockets Layer Authentication 7-33
Action: Check the following:
ā Ensure that the correct wallet location is speciļ¬ed in the sqlnet.ora ļ¬le
so the system can ļ¬nd the wallet.
ā Use Oracle Net Manager to ensure that cipher suites are set correctly in the
sqlnet.ora ļ¬le. (Sometimes this error occurs because the sqlnet.ora
has been manually edited and the cipher suite names are misspelled. Note
that case sensitive string matching is used with cipher suite names.)
ā Use Oracle Net Manager to ensure that the SSL versions on both the client
and the server match, or are compatible. Sometimes this error occurs
because the SSL version speciļ¬ed on the server and client do not match. For
example, if the server accepts only SSL 3.0 and the client accepts only TLS
1.0, then the SSL connection will fail.
ā For more diagnostic information, enable Oracle Net tracing on the peer.
ORA-28865: SSL Connection Closed
Cause: The SSL connection closed because of an error in the underlying
transport layer, or because the peer process quit unexpectedly.
Action: Check the following:
ā Use Oracle Net Manager to ensure that the SSL versions on both the client
and the server match, or are compatible. Sometimes this error occurs
because the SSL version speciļ¬ed on the server and client do not match. For
example, if the server accepts only SSL 3.0 and the client accepts only TLS
1.0, then the SSL connection will fail.
ā If you are using a Difļ¬e-Hellman anonymous cipher suite and the SSL_
CLIENT_AUTHENTICATION parameter is set to true in the server's
listener.ora ļ¬le, then the client does not pass its certiļ¬cate to the server.
When the server does not receive the client's certiļ¬cate, it (the server)
cannot authenticate the client so the connection is closed. To resolve this use
another cipher suite, or set this listener.ora parameter to false.
ā Enable Oracle Net tracing and check the trace output for network errors.
ā See Actions listed for "ORA-28862: SSL Connection Failed" on page 7-32
ORA-28868: Peer Certiļ¬cate Chain Check Failed
Cause: When the peer presented the certiļ¬cate chain, it was checked and that
check failed. This failure can be caused by a number of problems, including:
ā One of the certiļ¬cates in the chain is expired.
- Database 1
- Contents 5
- Advanced Security 10
- Part V Appendixes 13
- B Authentication Parameters 13
- E orapki Utility 14
- Glossary 16
- List of Figures 18
- List of Tables 21
- Send Us Your Comments 23
- ā Organization 25
- ā Related Documentation 25
- ā Conventions 25
- ā Documentation Accessibility 25
- ā Audience 25
- Audience 26
- Organization 26
- Related Documentation 29
- Conventions 31
- Conventions in Code Examples 32
- Documentation Accessibility 36
- ā Tool Changes 40
- ā Common Security Threats 46
- Common Security Threats 47
- Password-Related Threats 48
- Data Encryption 49
- Data Integrity 51
- Strong Authentication 52
- ā Entrust/PKI 54
- ā Smart Cards 55
- ā Token Cards 55
- ā DCE Communication/Security 55
- Enterprise User Management 57
- Overview 63
- Oracle Net Manager 64
- ā Other Params Property Sheet 66
- ā Integrity Property Sheet 66
- ā Encryption Property Sheet 66
- ā SSL Property Sheet 66
- Oracle Wallet Manager 68
- ā Members of the group 89
- ā Edit history for the group 89
- User Migration Utility 95
- About Encryption 104
- Advanced Encryption Standard 104
- DES Algorithm Support 104
- Triple-DES Support 104
- DES40 Algorithm 105
- See Also: 106
- Authentication Key Fold-in 107
- ā REJECTED 108
- ā ACCEPTED 108
- REJECTED 109
- ACCEPTED 109
- REQUESTED 109
- REQUIRED 109
- ā REQUESTED 112
- ā REQUIRED 112
- ā On the server: 113
- ā On the client: 113
- About the Java Implementation 117
- Securing Thin JDBC 118
- Implementation Overview 119
- Obfuscation 119
- Conļ¬guration Parameters 120
- Configuration Parameters 121
- Part III 123
- RADIUS Overview 125
- RADIUS Authentication Modes 127
- ā Change Default Settings 137
- ā Conļ¬gure Challenge-Response 137
- ā Troubleshooting 149
- Task 1: Install Kerberos 150
- ā Credential Cache File 155
- ā Conļ¬guration File 155
- ā Realm Translation File 155
- ā Key Table 155
- ā Clock Skew 155
- /krb5/krb.conf 157
- /etc/v5srvtab 157
- Domain Controller KDC 162
- Oracle Client 163
- Controller KDC 165
- Troubleshooting 166
- Authentication 167
- ā About Using SSL 168
- About Using SSL 169
- About Public Key Cryptography 171
- Certificate Authority 172
- Certificates 172
- Certificate Revocation Lists 173
- Hardware security modules 174
- SSL and Firewalls 178
- SSL Usage Issues 180
- Enabling SSL 181
- Important: 182
- (Figure 7ā3): 185
- TCP/IP with SSL on the Client 190
- Troubleshooting SSL 197
- What CRLs Should You Use? 201
- How CRL Checking Works 202
- Checking Selected 204
- Displaying orapki Help 207
- 1. File system 212
- 2. Oracle Internet Directory 212
- 3. CRL DP 212
- Security 214
- ā (UNIX) /opt/nfast 216
- ā (Windows) C:\nfast 216
- /log/logfile 218
- Using Oracle Wallet Manager 219
- Wallet Password Management 220
- Strong Wallet Encryption 221
- Backward Compatibility 221
- Multiple Certiļ¬cate Support 222
- LDAP Directory Support 225
- Managing Wallets 227
- Creating a New Wallet 228
- Opening an Existing Wallet 231
- Closing a Wallet 231
- Importing Third-Party Wallets 231
- Saving Changes 235
- Saving in System Default 235
- Deleting the Wallet 236
- Changing the Password 236
- Using Auto Login 237
- Managing Certiļ¬cates 238
- Adding a Certificate Request 239
- Managing Certificates 240
- Exporting a User Certificate 242
- Managing Trusted Certiļ¬cates 243
- % sqlplus scott/tiger@emp 248
- System Requirements 256
- DCE Communication/Security 257
- Flexible DCE Deployment 258
- Release Limitations 258
- Integration 262
- Task 1: Conļ¬gure the Server 263
- Task 5: Conļ¬gure the Client 270
- Parameters in protocol.ora 271
- DCE.AUTHENTICATION 271
- DCE.PROTECTION 271
- DCE.TNS_ADDRESS_OID 272
- DCE.LOCAL_CELL_USERNAMES 272
- Starting the Listener 277
- Sample Parameter Files 279
- The listener.ora File 280
- The tnsnames.ora File 281
- Enterprise User Security 283
- About Enterprise User Schemas 292
- Enterprise Users 295
- Enterprise Roles 296
- Enterprise Domains 298
- Database Server Entries 299
- OracleDBCreators 300
- OracleContextAdmins 300
- OracleDBSecurityAdmins 300
- OracleUserSecurityAdmins 300
- Administrative Groups 301
- ā By a password 307
- ā GLOBALLY 307
- ā EXTERNALLY 307
- Typical Configurations 312
- Tasks and Troubleshooting 313
- ā Register databases 318
- Directory 323
- 3. Click Apply 332
- SQL> /@connect_identifier 336
- NO-GLOBAL-ROLES Checklist 345
- USER-SCHEMA ERROR Checklist 346
- DOMAIN-READ-ERROR Checklist 347
- ā Enterprise domains 352
- ā Enterprise roles 352
- ā Enterprise users 352
- Management Realm 356
- Creating New Enterprise Users 359
- ā Directory logon 361
- ā All (the default setting) 369
- ā Password 369
- ā SSL (PKI certiļ¬cates) 369
- ā Kerberos 369
- Dialog Box 374
- Appendixes 383
- Sample sqlnet.ora File 385
- Kerberos 386
- SQLNET.ENCRYPTION_SERVER 388
- SQLNET.ENCRYPTION_CLIENT 388
- SQLNET.CRYPTO_CHECKSUM_SERVER 389
- SQLNET.CRYPTO_CHECKSUM_CLIENT 389
- ā MD5: Message Digest 5 392
- Authentication Parameters 395
- SQLNET.RADIUS_AUTHENTICATION 396
- SQLNET.RADIUS_SEND_ACCOUNTING 397
- SQLNET.RADIUS_SECRET 398
- SQLNET.RADIUS_ALTERNATE 398
- SQLNET.RADIUS_ALTERNATE_PORT 398
- Minimum RADIUS Parameters 400
- SSL Authentication Parameters 401
- Cipher Suite Parameters 402
- SSL Version Parameters 403
- Wallet Location 406
- Settings 409
- Cryptographic Seed Value 411
- FIPS Parameter 411
- Post Installation Checks 412
- Status Information 412
- Physical Security 413
- ā orapki Utility Overview 415
- /private/lhale/cert.txt 416
- To view a certiļ¬cate: 417
- <certificate_filename> 420
- Prerequisites 422
- [-summary 423
- Creating Entrust Proļ¬les 434
- User-Created Entrust Profiles 435
- Phase Two? 452
- Migration Process 453
- Required Database Privileges 454
- Required Directory Privileges 455
- Keyword: HELP 458
- Keyword: PHASE 458
- Keyword: DBLOCATION 458
- Keyword: DIRLOCATION 459
- Keyword: DBADMIN 459
- Keyword: ENTADMIN 460
- Keyword: USERS 460
- Keyword: USERSLIST 461
- Keyword: USERSFILE 461
- Keyword: MAPSCHEMA 462
- Keyword: MAPTYPE 463
- Keyword: CASCADE 464
- Keyword: CONTEXT 464
- Keyword: LOGFILE 465
- Keyword: PARFILE 465
- DBADMIN=system:manager 469
- DIRLOCATION=machine2:636 469
- Glossary-2 484
- Glossary-3 485
- Glossary-4 486
- Glossary-5 487
- Glossary-6 488
- Glossary-7 489
- Glossary-8 490
- Glossary-9 491
- Glossary-10 492
- Glossary-11 493
- Glossary-12 494
- Glossary-13 495
- Glossary-14 496
- Glossary-15 497
- Glossary-16 498
- Glossary-17 499
- Glossary-18 500
- Glossary-19 501
- Glossary-20 502
- Glossary-21 503
- Glossary-22 504
- Glossary-23 505
- Glossary-24 506
- Glossary-25 507
- Glossary-26 508
- Index-10 518
Related products and manuals for Database software Oracle Database B10772-01
Database software Oracle B32100-01 User Manual
(258 pages)
(258 pages)
Ā© 2020, manymanuals.com. All rights reserved. | 0.029 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals