Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documentation
Conventions
What's New in Oracle Advanced Security?
Oracle Database 11g Release 2 (11.2.0.4) New Features in Oracle Advanced Security
Oracle Database 11g Release 2 (11.2.0.3) New Features in Oracle Advanced Security
Oracle Database 11g Release 2 (11.2) New Features in Oracle Advanced Security
Oracle Database 11g Release 1 (11.1) New Features in Oracle Advanced Security
Part I Getting Started with Oracle Advanced Security
1
Introduction to Oracle Advanced Security
1.1
Security Challenges in an Enterprise Environment
1.1.1
Security in Enterprise Grid Computing Environments
1.1.2
Security in an Intranet or Internet Environment
1.1.3
Common Security Threats
1.1.3.1
Eavesdropping and Data Theft
1.1.3.2
Data Tampering
1.1.3.3
Falsifying User Identities
1.1.3.4
Password-Related Threats
1.2
Solving Security Challenges with Oracle Advanced Security
1.2.1
Data Encryption
1.2.1.1
Supported Encryption Algorithms
1.2.1.2
Data Integrity
1.2.1.3
Federal Information Processing Standard
1.2.2
Strong Authentication
1.2.2.1
Centralized Authentication and Single Sign-On
1.2.2.2
Supported Authentication Methods
1.3
Oracle Advanced Security Architecture
1.4
System Requirements
1.5
Oracle Advanced Security Restrictions
2
Configuration and Administration Tools Overview
2.1
Network Encryption and Strong Authentication Configuration Tools
2.1.1
Oracle Net Manager
2.1.1.1
Starting Oracle Net Manager
2.1.1.2
Navigating to the Oracle Advanced Security Profile
2.1.1.3
Oracle Advanced Security Profile Property Sheets
2.1.2
Oracle Advanced Security Kerberos Adapter Command-Line Utilities
2.2
Public Key Infrastructure Credentials Management Tools
2.2.1
Oracle Wallet Manager
2.2.1.1
Starting Oracle Wallet Manager
2.2.1.2
Navigating the Oracle Wallet Manager User Interface
2.2.1.3
Toolbar
2.2.1.4
Menus
2.2.2
orapki Utility
2.3
Duties of a Security Administrator/DBA
Part II Oracle Data Redaction
3
Introduction to Oracle Data Redaction
3.1
What Is Oracle Data Redaction?
3.2
When to Use Oracle Data Redaction
3.3
Benefits of Using Oracle Data Redaction
3.4
Target Use Cases for Oracle Data Redaction
3.4.1
Using Oracle Data Redaction with Database Applications
3.4.2
Considerations When Using Oracle Data Redaction with Ad Hoc Database Queries
4
Oracle Data Redaction Features and Capabilities
4.1
Using Full Data Redaction to Redact All Data
4.2
Using Partial Data Redaction to Redact Sections of Data
4.3
Using Regular Expressions to Redact Patterns of Data
4.4
Using Random Data Redaction to Generate Random Values
4.5
Comparison of Full, Partial, and Random Redaction Based on Data Types
4.5.1
Redaction Capabilities for Oracle Built-in Data Types
4.5.2
Redaction Capabilities for the ANSI Data Types
4.5.3
Redaction Capabilities for the User Defined Data Types or Oracle Supplied Types
4.6
Using No Redaction for Testing Purposes
5
Configuring Oracle Data Redaction Policies
5.1
About Oracle Data Redaction Policies
5.2
Who Can Create Oracle Data Redaction Policies?
5.3
Planning the Creation of an Oracle Data Redaction Policy
5.4
General Syntax of the DBMS_REDACT.ADD_POLICY Procedure
5.5
Using Expressions to Define Conditions for Data Redaction Policies
5.5.1
About Using Expressions in Data Redaction Policies
5.5.2
Applying the Redaction Policy Based on User Environment
5.5.3
Applying the Redaction Policy Based on Database Role
5.5.4
Applying the Redaction Policy Based on Oracle Application Express Session States
5.5.5
Applying the Redaction Policy with No Filtering
5.6
Creating a Full Redaction Policy and Altering the Default Full Redaction Value
5.6.1
Creating a Full Redaction Policy
5.6.1.1
About Creating Full Data Redaction Policies
5.6.1.2
Syntax for Creating a Full Redaction Policy
5.6.1.3
Examples of Full Data Redaction Policies
5.6.2
Altering the Default Full Data Redaction Value
5.6.2.1
About Altering the Default Full Data Redaction Value
5.6.2.2
Altering the Default Full Data Redaction Value for Non-LOB Data Type Columns
5.6.2.3
Altering the Default Full Data Redaction Value for LOB Data Type Columns
5.7
Creating a Partial Redaction Policy
5.7.1
About Creating Partial Redaction Policies
5.7.2
Syntax for Creating a Partial Redaction Policy
5.7.3
Creating Partial Redaction Policies Using Fixed Character Shortcuts
5.7.3.1
Settings for Fixed Character Shortcuts
5.7.3.2
Example of a Partial Redaction Policy Using a Fixed Character Shortcut
5.7.4
Creating Partial Redaction Policies Using Character Data Types
5.7.4.1
Settings for Character Data Types
5.7.4.2
Example of a Partial Redaction Policy Using a Character Data Type
5.7.5
Creating Partial Redaction Policies Using Number Data Types
5.7.5.1
Settings for Number Data Types
5.7.5.2
Example of a Partial Redaction Policy Using a Number Data Type
5.7.6
Creating Partial Redaction Policies Using Date-Time Data Types
5.7.6.1
Settings for Date-Time Data Types
5.7.6.2
Example of a Partial Redaction Policy Using a Date-Time Data Type
5.8
Creating a Regular Expression-Based Redaction Policy
5.8.1
About Creating Regular Expression-Based Redaction Policies
5.8.2
Syntax for Creating a Regular Expression-Based Redaction Policy
5.8.3
Creating Regular Expression-Based Redaction Policies Using Shortcuts
5.8.3.1
Regular Expression Shortcuts
5.8.3.2
Example of a Regular Expression Redaction Policy Using Shortcuts
5.8.4
Creating Custom Regular Expression Redaction Policies
5.8.4.1
Settings for Custom Regular Expressions
5.8.4.2
Example of a Custom Regular Expression Redaction Policy
5.9
Creating a Random Redaction Policy
5.9.1
About Creating Random Redaction Policies
5.9.2
Syntax for Creating a Random Redaction Policy
5.9.3
Example of a Random Redaction Policy
5.10
Creating a Policy That Uses No Redaction
5.10.1
About Creating Policies That Use No Redaction
5.10.2
Syntax for Creating a Policy with No Redaction
5.10.3
Example of Performing No Redaction
5.11
Exempting Users from Oracle Data Redaction Policies
5.12
Altering an Oracle Data Redaction Policy
5.12.1
About Altering an Oracle Data Redaction Policy
5.12.2
Syntax for the DBMS_REDACT.ALTER_POLICY Procedure
5.12.3
Parameters Required for Various DBMS_REDACT.ALTER_POLICY Actions
5.12.4
Example of Altering an Oracle Data Redaction Policy
5.13
Redacting Multiple Columns
5.14
Disabling and Enabling an Oracle Data Redaction Policy
5.14.1
Disabling an Oracle Data Redaction Policy
5.14.2
Enabling an Oracle Data Redaction Policy
5.15
Dropping an Oracle Data Redaction Policy
5.16
Example: How Oracle Data Redaction Affects Tables and Views
5.17
Example: Using SQL Expressions to Build Reports with Redacted Values
5.18
Finding Information About Oracle Data Redaction Policies
6
Oracle Data Redaction Use with Oracle Database Features
6.1
Oracle Data Redaction and DML and DDL Operations
6.2
Oracle Data Redaction and Nested Functions, Inline Views, and the WHERE Clause
6.3
Oracle Data Redaction and Aggregate Functions
6.4
Oracle Data Redaction and Object Types
6.5
Oracle Data Redaction and Editions
6.6
Oracle Data Redaction and Oracle Virtual Private Database
6.7
Oracle Data Redaction and Oracle Database Vault
6.8
Oracle Data Redaction and the EXPDP Utility access_method Parameter
6.9
Oracle Data Redaction and Data Masking and Subsetting Pack
7
Security Guidelines for Oracle Data Redaction
7.1
General Usage Guidelines
7.2
Restricting Administrative Access to Oracle Data Redaction Policies
7.3
How Oracle Data Redaction Affects the SYS, SYSTEM and Default Schemas
7.4
Writing Policy Expressions That Depend on SYS_CONTEXT Attributes
7.5
Creating Policies on Materialized Views
7.6
Dropping Policies When the Recycle Bin Is Enabled
Part III Data Encryption and Integrity
8
Securing Stored Data Using Transparent Data Encryption
8.1
About Transparent Data Encryption
8.1.1
Benefits of Using Transparent Data Encryption
8.1.2
Types of Transparent Data Encryption
8.1.2.1
TDE Column Encryption
8.1.2.2
TDE Tablespace Encryption
8.2
Using Transparent Data Encryption
8.2.1
Enabling Transparent Data Encryption
8.2.1.1
Specifying a Wallet Location for Transparent Data Encryption
8.2.1.2
Using Wallets with Automatic Login Enabled
8.2.2
Setting and Resetting the Master Encryption Key
8.2.2.1
Setting the Master Encryption Key
8.2.2.2
Resetting the Master Encryption Key
8.2.3
Opening and Closing the Encrypted Wallet
8.2.4
Encrypting Columns in Tables
8.2.4.1
Creating Tables with Encrypted Columns
8.2.4.2
Encrypting Columns in Existing Tables
8.2.4.3
Creating an Index on an Encrypted Column
8.2.4.4
Adding or Removing Salt from an Encrypted Column
8.2.4.5
Changing the Encryption Key or Algorithm for Tables with Encrypted Columns
8.2.4.6
Data Types That Can Be Encrypted with TDE Column Encryption
8.2.4.7
Restrictions on Using TDE Column Encryption
8.2.5
Encrypting Entire Tablespaces
8.2.5.1
Setting the Tablespace Master Encryption Key
8.2.5.2
Opening the Oracle Wallet
8.2.5.3
Creating an Encrypted Tablespace
8.2.5.4
Restrictions on Using TDE Tablespace Encryption
8.2.6
Using Hardware Security Modules with TDE
8.2.6.1
Set the ENCRYPTION_WALLET_LOCATION Parameter in the sqlnet.ora File
8.2.6.2
Copy the PKCS#11 Library to Its Correct Path
8.2.6.3
Set Up the HSM
8.2.6.4
Generate a Master Encryption Key for HSM-Based Encryption
8.2.6.5
Reconfigure the Software Wallet (Optional)
8.2.6.6
Ensure that the HSM Is Accessible
8.2.6.7
Encrypt and Decrypt Data
8.2.7
Using Transparent Data Encryption with Oracle RAC
8.2.7.1
Using a Non-Shared File System to Store the Wallet
8.3
Managing Transparent Data Encryption
8.3.1
Oracle Wallet Management
8.3.1.1
Specifying a Separate Wallet for Transparent Data Encryption
8.3.1.2
Using an Auto Login Wallet
8.3.1.3
Creating Wallets
8.3.2
Backup and Recovery of Master Encryption Keys
8.3.2.1
Backup and Recovery of Oracle Wallet
8.3.2.2
Backup and Recovery of PKI Key Pair
8.3.3
Export and Import of Tables with Encrypted Columns
8.3.4
Performance and Storage Overheads
8.3.4.1
Performance Overheads
8.3.4.2
Storage Overheads
8.3.5
Security Considerations
8.3.6
Using Transparent Data Encryption in a Multi-Database Environment
8.3.7
Replication in Distributed Environments
8.3.8
Compression and Data Deduplication of Encrypted Data
8.3.9
Transparent Data Encryption with OCI
8.3.10
Transparent Data Encryption in a Multi-Database Environment
8.3.11
Transparent Data Encryption Data Dictionary Views
8.4
Example: Getting Started with TDE Column Encryption and TDE Tablespace Encryption
8.4.1
Prepare the Database for Transparent Data Encryption
8.4.1.1
Specify an Oracle Wallet Location in the sqlnet.ora File
8.4.1.2
Create the Master Encryption Key
8.4.1.3
Open the Oracle Wallet
8.4.2
Create a Table with an Encrypted Column
8.4.3
Create an Index on an Encrypted Column
8.4.4
Alter a Table to Encrypt an Existing Column
8.4.5
Create an Encrypted Tablespace
8.4.6
Create a Table in an Encrypted Tablespace
8.5
Troubleshooting Transparent Data Encryption
8.6
Transparent Data Encryption Reference Information
8.6.1
Supported Encryption and Integrity Algorithms
8.6.2
Quick Reference: Transparent Data Encryption SQL Commands
9
Configuring Network Data Encryption and Integrity for Oracle Servers and Clients
9.1
Oracle Advanced Security Encryption
9.1.1
Advanced Encryption Standard
9.1.2
Triple-DES Support
9.2
Oracle Advanced Security Data Integrity
9.2.1
Data Integrity Algorithms Supported
9.3
Diffie-Hellman Based Key Negotiation
9.3.1
Authentication Key Fold-in
9.4
How To Configure Data Encryption and Integrity
9.4.1
About Activating Encryption and Integrity
9.4.2
About Negotiating Encryption and Integrity
9.4.2.1
REJECTED
9.4.2.2
ACCEPTED
9.4.2.3
REQUESTED
9.4.2.4
REQUIRED
9.4.3
Configuring Encryption and Integrity Parameters Using Oracle Net Manager
9.4.3.1
Configuring Encryption on the Client and the Server
9.4.3.2
Configuring Integrity on the Client and the Server
10
Configuring Network Authentication, Encryption, and Integrity for Thin JDBC Clients
10.1
About the Java Implementation
10.1.1
Java Database Connectivity Support
10.1.2
Securing Thin JDBC
10.1.3
Implementation Overview
10.1.4
Obfuscation
10.2
Configuration Parameters
10.2.1
CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_LEVEL Parameter
10.2.2
CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_TYPES Parameter
10.2.3
CONNECTION_PROPERTY_THIN_NET_CHECKSUM_LEVEL Parameter
10.2.4
CONNECTION_PROPERTY_THIN_NET_CHECKSUM_TYPES Parameter
10.2.5
CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_SERVICES Parameter
10.2.6
AnoServices Constants
Part IV Oracle Advanced Security Strong Authentication
11
Configuring RADIUS Authentication
11.1
About RADIUS
11.2
RADIUS Authentication Modes
11.2.1
Synchronous Authentication Mode
11.2.2
Challenge-Response (Asynchronous) Authentication Mode
11.3
Enabling RADIUS Authentication, Authorization, and Accounting
11.3.1
Step 1: Install RADIUS on the Oracle Database Server and on the Oracle Client
11.3.2
Step 2: Configure RADIUS Authentication
11.3.2.1
Step 2A: Configure RADIUS on the Oracle Client
11.3.2.2
Step 2B: Configure RADIUS on the Oracle Database Server
11.3.2.3
Step 2C: Configure Additional RADIUS Features
11.3.3
Step 3: Create a User and Grant Access
11.3.4
Step 4: Configure External RADIUS Authorization (optional)
11.3.4.1
Step 4A: Configure the Oracle Server (RADIUS Client)
11.3.4.2
Step 4B: Configure the Oracle Client Where Users Log In
11.3.4.3
Step 4C: Configure the RADIUS Server
11.3.5
Step 5: Configure RADIUS Accounting
11.3.5.1
Step 5A: Set RADIUS Accounting on the Oracle Database Server
11.3.5.2
Step 5B: Configure the RADIUS Accounting Server
11.3.6
Step 6: Add the RADIUS Client Name to the RADIUS Server Database
11.3.7
Step 7: Configure the Authentication Server for Use with RADIUS
11.3.8
Step 8: Configure the RADIUS Server for Use with the Authentication Server
11.3.9
Step 9: Configure Mapping Roles
11.4
Using RADIUS to Log In to a Database
11.5
RSA ACE/Server Configuration Checklist
12
Configuring Kerberos Authentication
12.1
Enabling Kerberos Authentication
12.1.1
Step 1: Install Kerberos
12.1.2
Step 2: Configure a Service Principal for an Oracle Database Server
12.1.3
Step 3: Extract a Service Key Table from Kerberos
12.1.4
Step 4: Install an Oracle Database Server and an Oracle Client
12.1.5
Step 5: Install Oracle Net Services and Oracle Advanced Security
12.1.6
Step 6: Configure Oracle Net Services and Oracle Database
12.1.7
Step 7: Configure Kerberos Authentication
12.1.7.1
Step 7A: Configure Kerberos on the Client and on the Database Server
12.1.7.2
Step 7B: Set the Initialization Parameters
12.1.7.3
Step 7C: Set sqlnet.ora Parameters (Optional)
12.1.8
Step 8: Create a Kerberos User
12.1.9
Step 9: Create an Externally Authenticated Oracle User
12.1.10
Step 10: Get an Initial Ticket for the Kerberos/Oracle User
12.2
Utilities for the Kerberos Authentication Adapter
12.2.1
Obtaining the Initial Ticket with the okinit Utility
12.2.2
Displaying Credentials with the oklist Utility
12.2.3
Removing Credentials from the Cache File with the okdstry Utility
12.2.4
Connecting to an Oracle Database Server Authenticated by Kerberos
12.3
Configuring Interoperability with a Windows 2000 Domain Controller KDC
12.3.1
Step 1: Configure Oracle Kerberos Client for a Windows 2000 Domain Controller KDC
12.3.1.1
Step 1A: Create the Client Kerberos Configuration Files
12.3.1.2
Step 2A: Specify the Oracle Configuration Parameters in the sqlnet.ora File
12.3.1.3
Step 3A: Specify the Listening Port Number
12.3.2
Step 2: Configure a Windows 2000 Domain Controller KDC for the Oracle Client
12.3.2.1
Step 2A: Create the User
12.3.2.2
Step 2B: Create the Oracle Database Principal
12.3.3
Step 3: Configure Oracle Database for a Windows 2000 Domain Controller KDC
12.3.3.1
Step 3A: Set Configuration Parameters in the sqlnet.ora File
12.3.3.2
Step 3B: Create an Externally Authenticated Oracle User
12.3.4
Step 4: Obtain an Initial Ticket for the Kerberos/Oracle User
12.4
Configuring Kerberos Authentication Fallback Behavior
12.5
Troubleshooting the Oracle Kerberos Authentication Configuration
13
Configuring Secure Sockets Layer Authentication
13.1
Secure Sockets Layer and Transport Layer Security
13.1.1
The Difference Between Secure Sockets Layer and Transport Layer Security
13.1.2
How Oracle Database Uses Secure Sockets Layer for Authentication
13.1.3
How Secure Sockets Layer Works in an Oracle Environment: The SSL Handshake
13.2
Public Key Infrastructure in an Oracle Environment
13.2.1
About Public Key Infrastructure in an Oracle Environment
13.2.2
About Public Key Cryptography
13.2.3
Public Key Infrastructure Components in an Oracle Environment
13.2.3.1
Certificate Authority
13.2.3.2
Certificates
13.2.3.3
Certificate Revocation Lists
13.2.3.4
Wallets
13.2.3.5
Hardware Security Modules
13.3
Secure Sockets Layer Combined with Other Authentication Methods
13.3.1
Architecture: Oracle Advanced Security and Secure Sockets Layer
13.3.2
How Secure Sockets Layer Works with Other Authentication Methods
13.4
Secure Sockets Layer and Firewalls
13.5
Secure Sockets Layer Usage Issues
13.6
Enabling Secure Sockets Layer
13.6.1
Step 1: Install Oracle Advanced Security and Related Products
13.6.2
Step 2: Configure Secure Sockets Layer on the Server
13.6.2.1
Step 2A: Confirm Wallet Creation on the Server
13.6.2.2
Step 2B: Specify the Database Wallet Location on the Server
13.6.2.3
Step 2C: Set the Secure Sockets Layer Cipher Suites on the Server (Optional)
13.6.2.4
Step 2D: Set the Required SSL Version on the Server (Optional)
13.6.2.5
Step 2E: Set SSL Client Authentication on the Server (Optional)
13.6.2.6
Step 2F: Set SSL as an Authentication Service on the Server (Optional)
13.6.2.7
Step 2G: Create a Listening Endpoint that Uses TCP/IP with SSL on the Server
13.6.3
Step 3: Configure Secure Sockets Layer on the Client
13.6.3.1
Step 3A: Confirm Client Wallet Creation
13.6.3.2
Step 3B: Configure the Server DNs and Use TCP/IP with SSL on the Client
13.6.3.3
Step 3C: Specify Required Client SSL Configuration (Wallet Location)
13.6.3.4
Step 3D: Set the Client Secure Sockets Layer Cipher Suites (Optional)
13.6.3.5
Step 3E: Set the Required SSL Version on the Client (Optional)
13.6.3.6
Step 3F: Set SSL as an Authentication Service on the Client (Optional)
13.6.3.7
Step 3G: Specify the Certificate to Use for Authentication on the Client (Optional)
13.6.4
Step 4: Log on to the Database Instance
13.7
Troubleshooting Secure Sockets Layer
13.8
Certificate Validation with Certificate Revocation Lists
13.8.1
About Certificate Validation with Certificate Revocation Lists
13.8.2
What CRLs Should You Use?
13.8.3
How CRL Checking Works
13.8.4
Configuring Certificate Validation with Certificate Revocation Lists
13.8.4.1
About Configuring Certificate Validation with Certificate Revocation Lists
13.8.4.2
Enabling Certificate Revocation Status Checking for the Client or Server
13.8.4.3
Disabling Certificate Revocation Status Checking
13.8.5
Certificate Revocation List Management
13.8.5.1
About Certificate Revocation Management
13.8.5.2
Displaying orapki Help for Commands That Manage CRLs
13.8.5.3
Renaming CRLs with a Hash Value for Certificate Validation
13.8.5.4
Uploading CRLs to Oracle Internet Directory
13.8.5.5
Listing CRLs Stored in Oracle Internet Directory
13.8.5.6
Viewing CRLs in Oracle Internet Directory
13.8.5.7
Deleting CRLs from Oracle Internet Directory
13.8.6
Troubleshooting Certificate Validation
13.8.6.1
Oracle Net Tracing File Error Messages Associated with Certificate Validation
13.9
Configuring Your System to Use Hardware Security Modules
13.9.1
About Configuring Your System to Use Hardware Security Modules
13.9.2
Guidelines for Using Hardware Security Modules with Oracle Advanced Security
13.9.3
Configuring Your System to Use nCipher Hardware Security Modules
13.9.3.1
About Configuring Your System to Use nCipher Hardware Security Modules
13.9.3.2
Oracle Components Required To Use an nCipher Hardware Security Module
13.9.3.3
About Installing an nCipher Hardware Security Module
13.9.4
Configuring Your System to Use SafeNET Hardware Security Modules
13.9.4.1
About Configuring Your System to Use SafeNet Hardware Security Modules
13.9.4.2
Oracle Components for the SafeNET Luna SA Hardware Security Module
13.9.4.3
About Installing a SafeNET Hardware Security Module
13.9.5
Troubleshooting Using Hardware Security Modules
13.9.5.1
Errors in the Oracle Net Trace Files
13.9.5.2
Error Messages Associated with Using Hardware Security Modules
13.10
Configuring SSL in an Oracle Real Application Clusters Environment
13.10.1
Step 1: Configure the TCPS Protocol Endpoints
13.10.2
Step 2: Update the Local Listener Parameter on Each Oracle RAC Node
13.10.3
Step 3: Create SSL Certificates and Wallets for the Cluster and for the Clients
13.10.3.1
Creating the SSL Certificate for Each Cluster and for the Test Client
13.10.3.2
Signing Each User Certificate
13.10.4
Step 4: Copy the Wallet to Each Cluster Node and Create an Obfuscated Wallet
13.10.5
Step 5: Define Wallet Locations in the listener.ora and sqlnet.ora Files
13.10.6
Step 6: Restart the Database Instances and Listeners
13.10.7
Step 7: Test the Configuration from a Cluster Node
13.10.8
Step 8: Test the Configuration from a Remote Client
14
Using Oracle Wallet Manager
14.1
Oracle Wallet Manager Overview
14.1.1
Wallet Password Management
14.1.2
Strong Wallet Encryption
14.1.3
Microsoft Windows Registry Wallet Storage
14.1.3.1
Options Supported:
14.1.4
Backward Compatibility
14.1.5
Public-Key Cryptography Standards (PKCS) Support
14.1.6
Multiple Certificate Support
14.1.7
LDAP Directory Support
14.2
Starting Oracle Wallet Manager
14.3
How to Create a Complete Wallet: Process Overview
14.4
Managing Wallets
14.4.1
Required Guidelines for Creating Wallet Passwords
14.4.2
Creating a New Wallet
14.4.2.1
Creating a Standard Wallet
14.4.2.2
Creating a Wallet to Store Hardware Security Module Credentials
14.4.3
Opening an Existing Wallet
14.4.4
Closing a Wallet
14.4.5
Exporting Oracle Wallets to Third-Party Environments
14.4.6
Exporting Oracle Wallets to Tools that Do Not Support PKCS #12
14.4.7
Uploading a Wallet to an LDAP Directory
14.4.8
Downloading a Wallet from an LDAP Directory
14.4.9
Saving Changes
14.4.10
Saving the Open Wallet to a New Location
14.4.11
Saving in System Default
14.4.12
Deleting the Wallet
14.4.13
Changing the Password
14.4.14
Using Auto Login
14.4.14.1
Enabling Auto Login
14.4.14.2
Disabling Auto Login
14.5
Managing Certificates
14.5.1
Managing User Certificates
14.5.1.1
Adding a Certificate Request
14.5.1.2
Importing the User Certificate into the Wallet
14.5.1.3
Importing Certificates and Wallets Created by Third Parties
14.5.1.4
Removing a User Certificate from a Wallet
14.5.1.5
Removing a Certificate Request
14.5.1.6
Exporting a User Certificate
14.5.1.7
Exporting a User Certificate Request
14.5.2
Managing Trusted Certificates
14.5.2.1
Importing a Trusted Certificate
14.5.2.2
Removing a Trusted Certificate
14.5.2.3
Exporting a Trusted Certificate
14.5.2.4
Exporting All Trusted Certificates
15
Configuring Multiple Authentication Methods and Disabling Oracle Advanced Security
15.1
Connecting with User Name and Password
15.2
Disabling Oracle Advanced Security Authentication
15.3
Configuring Multiple Authentication Methods
15.4
Configuring Oracle Database for External Authentication
15.4.1
Setting the SQLNET.AUTHENTICATION_SERVICES Parameter in sqlnet.ora
15.4.2
Setting OS_AUTHENT_PREFIX to a Null Value
Part V Appendixes
A
Data Encryption and Integrity Parameters
A.1
Sample sqlnet.ora File
A.2
Data Encryption and Integrity Parameters
A.2.1
SQLNET.ENCRYPTION_SERVER Parameter
A.2.2
SQLNET.ENCRYPTION_CLIENT Parameter
A.2.3
SQLNET.SSL_EXTENDED_KEY_USAGE Parameter
A.2.4
SQLNET.CRYPTO_CHECKSUM_SERVER Parameter
A.2.5
SQLNET.CRYPTO_CHECKSUM_CLIENT Parameter
A.2.6
SQLNET.ENCRYPTION_TYPES_SERVER Parameter
A.2.7
SQLNET.ENCRYPTION_TYPES_CLIENT Parameter
A.2.8
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER Parameter
A.2.9
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT Parameter
B
Authentication Parameters
B.1
Parameters for Clients and Servers using Kerberos Authentication
B.2
Parameters for Clients and Servers using RADIUS Authentication
B.2.1
sqlnet.ora File Parameters
B.2.1.1
SQLNET.AUTHENTICATION_SERVICES Parameter
B.2.1.2
SQLNET.RADIUS_AUTHENTICATION Parameter
B.2.1.3
SQLNET.RADIUS_AUTHENTICATION_PORT Parameter
B.2.1.4
SQLNET.RADIUS_AUTHENTICATION_TIMEOUT Parameter
B.2.1.5
SQLNET.RADIUS_AUTHENTICATION_RETRIES Parameter
B.2.1.6
SQLNET.RADIUS_SEND_ACCOUNTING Parameter
B.2.1.7
SQLNET.RADIUS_SECRET Parameter
B.2.1.8
SQLNET.RADIUS_ALTERNATE Parameter
B.2.1.9
SQLNET.RADIUS_ALTERNATE_PORT Parameter
B.2.1.10
SQLNET.RADIUS_ALTERNATE_TIMEOUT Parameter
B.2.1.11
SQLNET.RADIUS_ALTERNATE_RETRIES Parameter
B.2.1.12
SQLNET.RADIUS_CHALLENGE_RESPONSE Parameter
B.2.1.13
SQLNET.RADIUS_CHALLENGE_KEYWORD Parameter
B.2.1.14
SQLNET.RADIUS_AUTHENTICATION_INTERFACE Parameter
B.2.1.15
SQLNET.RADIUS_CLASSPATH Parameter
B.2.2
Minimum RADIUS Parameters
B.2.3
Initialization File Parameters
B.3
Parameters for Clients and Servers Using Secure Sockets Layer
B.3.1
Secure Sockets Layer Authentication Parameters
B.3.2
Cipher Suite Parameters
B.3.2.1
Supported SSL Cipher Suites
B.3.3
Secure Sockets Layer Version Parameters
B.3.4
Secure Sockets Layer Client Authentication Parameters
B.3.4.1
SSL X.509 Server Match Parameters
B.3.5
Wallet Location
C
Integrating Authentication Devices Using RADIUS
C.1
About the RADIUS Challenge-Response User Interface
C.2
Customizing the RADIUS Challenge-Response User Interface
D
Oracle Advanced Security FIPS 140 Settings
D.1
About the FIPS 140 Settings
D.2
Configuring Oracle Database for FIPS 140-2
D.2.1
About the FIPS 140-2 Settings
D.2.2
Configuring the SSLFIPS_140 Parameter
D.2.3
Selecting Cipher Suites
D.2.4
Post-Installation Checks
D.2.5
Verifying FIPS Connections
D.3
Configuring Oracle Database for FIPS 140-1
D.3.1
About the FIPS 140-1 Settings
D.3.2
sqlnet.ora FIPS 140-1 Configuration Parameters
D.3.2.1
Server Encryption Level Setting
D.3.2.2
Client Encryption Level Setting
D.3.2.3
Server Encryption Selection List
D.3.2.4
Client Encryption Selection List
D.3.2.5
FIPS Parameter
D.3.3
Post Installation Checks
D.3.4
Status Information
D.3.5
Physical Security
E
orapki Utility
E.1
orapki Utility Overview
E.1.1
orapki Utility Syntax
E.2
Creating Signed Certificates for Testing Purposes
E.3
Managing Oracle Wallets with orapki Utility
E.3.1
Creating, Viewing, and Modifying Wallets with orapki
E.3.1.1
Creating a PKCS#12 Wallet
E.3.1.2
Creating an Auto Login Wallet
E.3.1.3
Viewing a Wallet
E.3.1.4
Modifying the Password for a Wallet
E.3.2
Adding Certificates and Certificate Requests to Oracle Wallets with orapki
E.3.3
Exporting Certificates and Certificate Requests from Oracle Wallets with orapki
E.4
Managing Certificate Revocation Lists (CRLs) with orapki Utility
E.5
orapki Usage Examples
E.6
orapki Utility Commands Summary
E.6.1
orapki cert create
E.6.1.1
Purpose
E.6.1.2
Syntax
E.6.2
orapki cert display
E.6.2.1
Purpose
E.6.2.2
Syntax
E.6.3
orapki crl delete
E.6.3.1
Purpose
E.6.3.2
Prerequisites
E.6.3.3
Syntax
E.6.4
orapki crl display
E.6.4.1
Purpose
E.6.4.2
Syntax
E.6.5
orapki crl hash
E.6.5.1
Purpose
E.6.5.2
Syntax
E.6.6
orapki crl list
E.6.6.1
Purpose
E.6.6.2
Syntax
E.6.7
orapki crl upload
E.6.7.1
Purpose
E.6.7.2
Syntax
E.6.8
orapki wallet add
E.6.8.1
Purpose
E.6.8.2
Syntax
E.6.9
orapki wallet create
E.6.9.1
Purpose
E.6.9.2
Syntax
E.6.10
orapki wallet display
E.6.10.1
Purpose
E.6.10.2
Syntax
E.6.11
orapki wallet export
E.6.11.1
Purpose
E.6.11.2
Syntax
F
Entrust-Enabled Secure Sockets Layer Authentication
F.1
Benefits of Entrust-Enabled Oracle Advanced Security
F.1.1
Enhanced X.509-Based Authentication and Single Sign-On
F.1.2
Integration with Entrust Authority Key Management
F.1.3
Integration with Entrust Authority Certificate Revocation
F.2
Required System Components for Entrust-Enabled Oracle Advanced Security
F.2.1
Entrust Authority for Oracle
F.2.1.1
Entrust Authority Security Manager
F.2.1.2
Entrust Authority Self-Administration Server
F.2.1.3
Entrust Entelligence Desktop Manager
F.2.2
Entrust Authority Server Login Feature
F.2.3
Entrust Authority IPSec Negotiator Toolkit
F.3
Entrust Authentication Process
F.4
Enabling Entrust Authentication
F.4.1
Creating Entrust Profiles
F.4.1.1
Administrator-Created Entrust Profiles
F.4.1.2
User-Created Entrust Profiles
F.4.2
Installing Oracle Advanced Security and Related Products for Entrust-Enabled SSL
F.4.3
Configuring SSL on the Client and Server for Entrust-Enabled SSL
F.4.4
Configuring Entrust on the Client
F.4.4.1
Configuring Entrust on a UNIX Client
F.4.4.2
Configuring Entrust on a Windows Client
F.4.5
Configuring Entrust on the Server
F.4.5.1
Configuring Entrust on a UNIX Server
F.4.5.2
Configuring Entrust on a Windows Server
F.4.6
Creating Entrust-Enabled Database Users
F.4.7
Logging Into the Database Using Entrust-Enabled SSL
F.5
Issues and Restrictions that Apply to Entrust-Enabled SSL
F.6
Troubleshooting Entrust In Oracle Advanced Security
F.6.1
Error Messages Returned When Running Entrust on Any Platform
F.6.2
Error Messages Returned When Running Entrust on Windows Platforms
F.6.3
General Checklist for Running Entrust on Any Platform
F.6.3.1
Checklist for Entrust Installations on Windows
Glossary
Index