Uploaded byssuser865ecd
PPTX, PDF179 views

Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx

The document provides instructions for attending an Oracle Support Advisor Webcast on troubleshooting issues with TCPS configuration and communication on databases, including how to access the recording and ask questions. It lists two options for attending - listening through computer audio or calling in by phone. It also provides the webinar ID and dial-in details needed to join the teleconference.

Embed presentation

Download to read offline
ATTENTION – AUDIO Options Advisor Webcast PDF, Recording and Community Thread:  Recording will be available within 48 hours at Advisor Webcast PDF & Recording: Oracle Support Document 2877140.2 - Troubleshooting issues with TCPS Configuration/Communication on Database [Video] https://support.oracle.com/rs?type=doc&id=287714 0.2  Use Community link for Q&A - https://community.oracle.com/mosc/discussion/xxxx  For upcoming Oracle Database Advisor Webcasts & recordings, see Doc ID 1456176.2 Option 1: Voice Streaming – Computer Audio  No need to dial in on a telephone, the Advisor Webcast can be heard through your computer speakers or an attached headset.  Questions can be asked via Chat box Option 2: Teleconference (Dial In)  Questions can be asked over phone or in the Chat box  Requires telephone to dial in  Details  Webinar ID: 944 9650 5115  US toll dial in: +1 669 900 6833  US toll dial in: +1 346 248 7799 International numbers available: https://oracle.zoom.us/u/a87POGYP Oracle Support Advisor Webcast will start at the scheduled time Copyright 2022, Oracle and/or affiliates. All rights reserved
 Check out Doc ID 740966.2 for all Webcasts.  Select your product Oracle Database  Register for the session of your interest.  For upcoming Oracle Database Advisor Webcasts & archived recordings, see Doc ID 1456176.2 Upcoming Advisor Webcast Schedule Oracle Support Advisor Webcast will begin at the scheduled time Register for any Oracle Support Advisor Webcast from: https://go.oracle.com/oraclesupportadvisorwebca sts Copyright 2022, Oracle and/or affiliates. All rights reserved
Global Customer Support, Database Security July 14, 2022 SRINIVASA R Troubleshooting issues with TCPS Configuration/Communication on Database Oracle Support Advisor Webcast
Proactive Resources for Tools, Training and Social Channels Get ProactivePortfolio Doc ID 432.1 Learning is ongoing. Select and use learning options to meet your needs. Self-paced Live, interactive Deep-dive instruction (steps) Get Proactive Social Channels Stay informed via: My Oracle Support Community here Blogs here Examples: EBS / Database Twitter here Examples: EBS / Database Oracle Support Essentials Doc ID 553747.2 My Oracle Support How To Videos Doc ID 603505.2 Product Advisor Webcasts Doc ID 740966.1 Oracle Support Accreditations Doc ID 1583898.2 OracleSupport Training andResources Doc ID 1959163.2 High-level (concepts) Session playback Copyright 2022, Oracle and/or affiliates. All rights reserved
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation. Safe harbor statement Copyright 2022, Oracle and/or affiliates. All rights reserved
Global Customer Support, Database Security July 14, 2022 SRINIVASA R Troubleshooting issues with TCPS Configuration/Communication on Database Oracle Support Advisor Webcast
5 4 3 2 1 ORA Errors related to SSL adapter Troubleshooting SSL Handshake failures between DBServer and Client Validating the SSL wallets and certificates on Server and Client Validating TCPS Configuration on Database Basics of Transport Layer Security Configuration Topics Copyright 2022, Oracle and/or affiliates. All rights reserved
1 Basics of Transport Layer Security Configuration Troubleshooting issues withTCPS Copyright 2022, Oracle and/or affiliates. All rights reserved
1.What isSSL/TLS? SSL/TLS creates an encrypted connection between server and client servers allowing for private information to be transmitted without the problems of eavesdropping, data problems of eavesdropping, data tampering, or message forgery.To enable SSL on a website, you will need to get an SSL Certificate that identifies you and install it on the server. you and install it on the server. 2.Whydo I needSSL? If you are transmitting sensitive information on a web site, such as credentials or personal information, you need to secure it with SSL encryption. It is possible for encryption. It is possible for every piece of data to be seen by others unless it is secured by an SSL certificate. 3.SSLCertificate SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. User/ServerCertificate :SSL Certificate issued to a specific server/host is termed as ServerCertificate/User certificate/Identity Certificate. Certificate. IntermediateCertificate : Intermediate certificates are used as a stand-in for our root certificate. Root Certificate: It is public key certificate that identifies the Root CertificateAuthority 4.Certificate authority (CA) A certificate authority is an entity which issues digital certificates to organizations or people after validating them. Certification authorities have to keep detailed authorities have to keep detailed records of what has been issued and the information used to issue it, and are audited regularly to make sure that they are following defined they are following defined procedures 1.Basics of Transport Layer Security Configuration Copyright 2022, Oracle and/or affiliates. All rights reserved
5.Wallet A wallet is also a repository of security certificates and credentials.Oracle Database and OHS store certificates in wallets. We can create password-protected wallets(ewallet.p12) and corresponding autologin wallet(cwallet.sso) 6.SignatureAlgorithm The algorithm used to create the signature.Signature is to verify that it came from the issuer. It is used to sign the certificates.Signature strength is directly related to the key size, the larger the key the stronger the signature. signature. 7.Cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a that can be followed as a procedure A cipher suite is a named combination of authentication, encryption, message authentication code (MAC) and key exchange algorithms used to algorithms used to negotiate the security settings for a network connection using theTransport Layer Security (TLS) / Secure Sockets Layer (SSL) Sockets Layer (SSL) network protocol. 8.SSL Handshake The client and server establish which algorithms to use. The server sends its certificate to the client and the client verifies that the server's certificate was signed by a trusted CA. If client authentication is required, the client sends its own certificate to the server and the server verifies that the client's certificate was signed by a certificate was signed by a trustedCA. The client and server exchange key information using public key cryptography. Based on this information, each generates a session key session key Copyright 2022, Oracle and/or affiliates. All rights reserved
 TLS provides authentication, data encryption, and data integrity.  The TLS protocol is the foundation of a public key infrastructure (PKI). For authentication, TLS uses digital certificates that comply with the X.509v3 standard and a public and private key pair.  Oracle Database TLS can be used to secure communications between any client and any server. You can configure TLS to provide authentication for the server only, the client only, or both client and server. Basics of Transport Layer Security Configuration Copyright 2022, Oracle and/or affiliates. All rights reserved
1. Create the SSL Wallet(ewallet.p12 and cwallet.sso) $orapki wallet create -wallet <wallet_location> -auto_login 2. Raise Certificate Signing Request(CSR) orapki wallet add -wallet <wallet_location> -dn <user_dn> -keysize 512|1024|2048|4096 -pwd <wallet_password> Eg: orapki wallet add -wallet <wallet_location> -dn CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN -keysize 512|1024|2048|4096 -pwd <wallet_password> 3. Submit CSR to Certificate Authority(CA) to get signed SSL certificates in Base64 format orapki wallet export -wallet <wallet_location> -dn <certificate_request_dn> -request <certificate_request_filename> -pwd <wallet password> Eg: orapki wallet export -wallet <wallet_location> -dn CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN -request csr.txt -pwd <wallet password> 4.I mport trusted and user certificates to wallet orapki wallet add -wallet <wallet_location> -trusted_cert -cert <root_certificate_location> -pwd <wallet_password> orapki wallet add -wallet <wallet_location> -trusted_cert -cert <intermediate_certificate_location> -pwd <wallet_password> orapki wallet add -wallet <wallet_location> -user_cert -cert <user_certificate_location> -pwd <wallet_password> Review of SSL wallet creation and importing certificates to it Copyright 2022, Oracle and/or affiliates. All rights reserved
5. Review the wallet created for DB server $orapki wallet display -wallet /refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 6. Similarly Create a wallet on Client and import the DB trusted certificates to the Client wallet 7. After the creation of wallets,SSL/TLS is enabled on DB Step by Step Guide To Configure SSL Authentication (Doc ID 736510.1) Copyright 2022, Oracle and/or affiliates. All rights reserved
1 Validating TCPS Configuration on Database Basics of Transport Layer Security Configuration Troubleshooting issues withTCPS Copyright 2022, Oracle and/or affiliates. All rights reserved
<DB HOME>/bin>lsnrctl status <listener name> Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=hostname.domainname)(PORT=1521))) STATUS of the LISTENER ------------------------ Alias LISTENER Version TNSLSNR for Linux: Version 19.0.0.0.0 - Production Start Date 30-JUN-2022 15:01:08 Uptime 3 days 21 hr. 10 min. 27 sec Trace Level off Security ON: Local OS Authentication SNMP OFF Listener Parameter File /refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/network/admin/listener.ora Listener Log File /refresh/home/app/19.8.0.0/oracle/diag/tnslsnr/hostname/listener/alert/log.xml Listening Endpoints Summary... (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=hostname.domainname)(PORT=1521))) (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hostname.domainname)(PORT=1523))) (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521))) (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hostname.domainname)(PORT=5510))(Security=(my_wallet_directory=/refresh/home/app/19.8.0.0/oracle/product/19.8.0 .0/dbhome6/srinivasa/wallets))(Presentation=HTTP)(Session=RAW)) Services Summary... Service "orcl19800.domainname" has 1 instance(s). Instance "orcl19800", status READY, has 1 handler(s) for this service... Service "orcl19800XDB.domainname" has 1 instance(s). Instance "orcl19800", status READY, has 1 handler(s) for this service... The command completed successfully 1.Status of listener Copyright 2022, Oracle and/or affiliates. All rights reserved
2. DB Configuration files should have TCPS connection descriptors listener.ora ------- LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS_LIST= (ADDRESS = (PROTOCOL = TCP)(HOST = hostname.domainname)(PORT = 1521)) (ADDRESS = (PROTOCOL = TCPS)(HOST = hostname.domainname)(PORT = 1523)) (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)) ) ) ) wallet_location = (SOURCE= (METHOD=File) (METHOD_DATA= (DIRECTORY=/refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets) ) ) SSL_CLIENT_AUTHENTICATION=FALSE SSL_VERSION=1.2 Copyright 2022, Oracle and/or affiliates. All rights reserved
3.sqlnet.ora on the server --------- wallet_location = (SOURCE= (METHOD=File) (METHOD_DATA= (DIRECTORY=/refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets) ) ) #Set the below parameter to TRUE, for users to be authenticated by Database with SSL certificates, SSL_CLIENT_AUTHENTICATION=FALSE #This parameter is recommended to force the use of TLS latest version 1.2 SSL_VERSION=1.2 #Set this parameter ON so that SSL_SERVER_CERT_DN in tnsnames.ora is effective #SSL_SERVER_DN_MATCH=ON Copyright 2022, Oracle and/or affiliates. All rights reserved
4.DB Client files will have Wallet and TCPS connection descriptors sqlnet.ora on the Client ----------- NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT) #Specify the wallet location with wallet_location parameter wallet_location = (SOURCE= (METHOD=File) (METHOD_DATA= (DIRECTORY=/u01/db/db12/12.2.0/srinivasa/wallets) )) #Set the below parameter to TRUE, for users to be authenticated by Database with SSL certificates, SSL_CLIENT_AUTHENTICATION=FALSE #This parameter is recommended to force the use of TLS latest version 1.2 SSL_VERSION=1.2 tnsnames.ora -------- orcl19800_SSL = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = hostname.domainname)(PORT = 1523)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl19800.domainname) )) Copyright 2022, Oracle and/or affiliates. All rights reserved
5.Connection to Database over TCPS $sqlplus srini/<password>@orcl19800_ssl SQL*Plus: Release 19.0.0.0.0 - Production on Mon Jul 4 16:23:05 2022 Version 19.8.0.0.0 Connected to: Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production Version 19.8.0.0.0 SQL> show user USER is "SRINI“ SQL> select sys_context('USERENV','NETWORK_PROTOCOL') from dual; SYS_CONTEXT('USERENV','NETWORK_PROTOCOL') -------------------------------------------------------------------------------- tcps Copyright 2022, Oracle and/or affiliates. All rights reserved
1 Validating the SSL wallets and certificates on Server and Client Validating TCPS Configuration on Database Basics of Transport Layer Security Configuration Troubleshooting issues withTCPS Copyright 2022, Oracle and/or affiliates. All rights reserved
The contents in the wallet can be dumped using the command below. 1.Wallet on DB Server $export ORACLE_HOME=<DB HOME> $orapki wallet display -wallet /refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=ClientCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 2.Wallet on Client $export ORACLE_HOME=<CLIENT HOME> $orapki wallet display -wallet /u01/db/db12/12.2.0/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=client.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=ClientCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 3.Validating the SSL Wallets on Server and Client Copyright 2022, Oracle and/or affiliates. All rights reserved
1 Troubleshooting SSL Handshake failures between DBServer and Client Validating the SSL wallets and certificates on Server and Client Validating TCPS Configuration on Database Basics of Transport Layer Security Configuration Troubleshooting issues withTCPS Copyright 2022, Oracle and/or affiliates. All rights reserved
I. Verify if the listener is accessible through SSL port 1.Check the listener hostname/IP and TCPS port set from the status of listener $lsnrctl status <listener name> (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hostname.domain name)(PORT=1523))) 2.Check the DB Service name is listed under Services Services Summary... Service "orcl19800.domainname" has 1 instance(s). Instance "orcl19800", status READY, has 1 handler(s) for this service... Follow the checklist below when connection to DB fails over SSL connection Copyright 2022, Oracle and/or affiliates. All rights reserved
Copyright 2021, Oracle and/or affiliates. All rights reserved 2.Run the command below to verify if the listener is able to load the certificates. The command need to return the certificates $ openssl s_client -connect dbserver.domainname:1523 CONNECTED(00000003) depth=1 C = IN, ST = KAR, L = BLR, O = ORACLE, OU = DBSEC, CN = DBServerCA verify error:num=19:self signed certificate in certificate chain --- Certificate chain 0 s:/C=IN/ST=Karnataka/L=BLR-OTP/O=ORACLE/OU=DBSEC/CN=dbserver.domainname i:/C=IN/ST=KAR/L=BLR/O=ORACLE/OU=DBSEC/CN=DBServerCA 1 s:/C=IN/ST=KAR/L=BLR/O=ORACLE/OU=DBSEC/CN=DBServerCA i:/C=IN/ST=KAR/L=BLR/O=ORACLE/OU=DBSEC/CN=DBServerCA Server certificate -----BEGIN CERTIFICATE----- MIIDQzCCAisCAhI2MA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNVBAYTAklOMQwwCgYD VQQIDANLQVIxDDAKBgNVBAcMA0JMUjEPMA0GA1UECgwGT1JBQ0xFMQ4wDAYDVQQL DAVEQlNFQzEQMA4GA1UEAwwHU1JJQ0VSVDAeFw0yMjA3MDQxNDE0NTFaFw0yMzA3 MDQxNDE0NTFaMHIxCzAJBgNVBAYTAklOMRIwEAYDVQQIEwlLYXJuYXRha2ExEDAO BgNVBAcTB0JMUi1PVFAxDzANBgNVBAoTBk9SQUNMRTEOMAwGA1UECxMFREJTRUMx HDAaBgNVBAMTE2Ric2VydmVyLmRvbWFpbm5hbWUwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQCCwQJxda+4cClkZjxvdVS+G2Zo4eBsTRSrQWkikKjwySEY DUhAr7piw3eA0AvCNYYjEnLT93+oK7FprVQz77Gg0KROBdUU/xgd173zGUyfaG8w aOjuh6BlmU08lE2RqGph7cGiQWvx0XHyaiVaviZNxpY0qP8uL5eEnyYQ0Dd5efrU 5BF5QyCtwR0F0MmpeVvQ3qvvmiYuJfqHDqXnVrsxNIEr114HMlHnEunnk7lUSfoD vX3ojCz3FjqT0OCeD3+Xwgf6HfaV4i6klyJnoQS19vBWo6LcfMUFVxl8W7QLcE5x GyPeJgBLDu04euvFYngRwWT8Ozuur2ySpstzTXhLAgMBAAEwDQYJKoZIhvcNAQEL BQADggEBAJSOJhS9A+8W/TnrMFmDU6BH1qI4XDNKJgiC6R3E4oG4GPVHL4U3is0Y
3. If the output return error as below , then wallets are not loaded during listener startup. $ openssl s_client -connect dbserver.domainname:1523 CONNECTED(00000003) 140404937381776:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177: no peer certificate available No client certificate CA names sent SSL handshake has read 0 bytes and written 289 bytes New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1657277758 Timeout : 300 (sec) Verify return code: 0 (ok) --- Copyright 2022, Oracle and/or affiliates. All rights reserved
1.Check WALLET_LOCATION specified in listener.ora and validate it is correct wallet_location =(SOURCE=(METHOD=File)(METHOD_DATA=(DIRECTORY=/refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets))) 2.Check the DB User has read permissions on the wallet files 3.Dump the contents of wallet and ensure it contain user certificate and trusted certificates $orapki wallet display -wallet /refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=ClientCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 4.Dump the certificates and ensure it is valid $orapki cert display -cert user.txt Oracle PKI Tool Release 21.0.0.0.0 - Production Version 21.0.0.0.0 Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved. Subject: CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Issuer: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Valid Until: Tue Jul 04 14:14:51 GMT 2023 Solution: Copyright 2022, Oracle and/or affiliates. All rights reserved
II.Check tnsping works on TCPS port from server and client For a successful connection: $ tnsping "(ADDRESS=(PROTOCOL=tcps)(HOST=dbserver.domainname)(PORT=1523))" TNS Ping Utility for Linux: Version 19.0.0.0.0 - Production on 06-JUL-2022 21:37:53 Copyright (c) 1997, 2020, Oracle. All rights reserved. Attempting to contact (ADDRESS=(PROTOCOL=tcps)(HOST=dbserver.domainname)(PORT=1523)) OK (190 msec) In case of failure: $ tnsping "(ADDRESS=(PROTOCOL=tcps)(HOST=dbserver.domainname)(PORT=1523))" TNS Ping Utility for Linux: Version 19.0.0.0.0 - Production on 06-JUL-2022 21:37:53 Copyright (c) 1997, 2020, Oracle. All rights reserved. Attempting to contact (ADDRESS=(PROTOCOL=tcps)(HOST=dbserver.domainname)(PORT=1523)) TNS-12560: TNS:protocol adapter error Copyright 2022, Oracle and/or affiliates. All rights reserved
1.Check wallet_location in sqlnet.ora on Client/server and if wallets exist in it wallet_location =(SOURCE=(METHOD=File)(METHOD_DATA=(DIRECTORY=/refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets))) 2.Check the server/client wallet and ensure the trusted certificates of DB are imported to it $orapki wallet display -wallet /u01/db/db12/12.2.0/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=client.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=ClientCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 3.If SSL_CLIENT_AUTHENTICATION=TRUE , then ensure the trusted certificates of Client are imported to DB Wallets $orapki wallet display -wallet /refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=ClientCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 4.SSL_VERSION set in server need to be supported by client(1.2, 1.1 , 1) Update SSL_VERSION in client sqlnet.ora with the same value as in Server SSL_VERSION=1.2 Solution: Copyright 2022, Oracle and/or affiliates. All rights reserved
III.Check connection to DB sqlplus username/password@orcl19800_ssl ERROR: ORA-28865: SSL connection closed Solution: 1.Check the sqlnet.ora in DB HOME for the wallet location and ensure the wallets are same as set in listener.ora 2.If SSL_CLIENT_AUTHENTICATION=TRUE , then ensure the trusted certificates of Client are imported to DB Wallets $orapki wallet display -wallet /refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=ClientCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 3.SSL_VERSION set in server need to be supported by client(1.2, 1.1 , 1) Update SSL_VERSION in client sqlnet.ora with the same value as in Server .SSL_VERSION=1.2 Copyright 2022, Oracle and/or affiliates. All rights reserved
Enable sqlnet tracing to identify and troubleshoot the errors from the SSL layer using: Note 395525.1 How to Enable Oracle SQL*Net Client , Server , Listener , Kerberos and External procedure Tracing from Net Manager More debug details will be covered in next Webcast: Troubleshooting Tcps/SSL through Wireshark Troubleshooting SSL Handshake failures between DBServer and Client Copyright 2022, Oracle and/or affiliates. All rights reserved
1 ORA Errors that may occur while you use the Oracle Database SSL adapter Troubleshooting SSL Handshake failures between DBServer and Client Validating the SSL wallets and certificates on Server and Client Validating TCPS Configuration on Database Basics of Transport Layer Security Configuration Troubleshooting issues withTCPS Copyright 2022, Oracle and/or affiliates. All rights reserved
1.TNS:protocol adapter error (ORA-12560) Ensure listener is accessible through SSL port and tnsping works correctly 2.ORA-29024:Certificate Validation Failure -Check the client wallet and ensure the trusted certificates of DB are imported to it -Check that server certificate is not imported as a trusted certificate 3.ORA-29143/29106: Wallet open failed with error 29143/29106 -For versions less than 12.1.0.2.201020, apply Patch 23184013 -If cwallet.sso is created with auto_login_local and it can be used only by the user who created it. 4.ORA-28860: Fatal SSL error -There is a mismatch between SSL Protocol version or cipher suite between Client and Server. 5.ORA-28864: SSL connection closed gracefully -The certificates have been signed using MD5 hashing algorithm and after the database upgrade to 12.2 the handshake uses the TLS1.2 protocol. 6.Additional and new errors if any will be updated in MOS document below How To Investigate And Troubleshoot SSL/TLS Issues on the Database And Client SQL*Net Layer (Doc ID 2238096.1) 5.ORA Errors that may occur while you use the Oracle Database SSL adapter. Copyright 2022, Oracle and/or affiliates. All rights reserved
Step by Step Guide To Configure SSL Authentication (Doc ID 736510.1) Step by Step Guide: How to Configure SSL/TLS on ORACLE RAC (with SCAN) (Doc ID 1448841.1) SSL Troubleshooting Guide (Doc ID 166492.1) Note 395525.1 How to Enable Oracle SQL*Net Client , Server , Listener , Kerberos and External procedure Tracing from Net Manager Document Reference: Copyright 2022, Oracle and/or affiliates. All rights reserved
Locating Current Schedule & Archived Recordings Oracle Support Advisor Webcast Program  Access Advisor Webcasts information for all Oracle products from Doc ID 740966.2 or directly access upcoming and prior webcasts for Oracle Database from Doc ID 1456176.2  Under Prior Webcast Recordings tab access recordings and webcast slides (.pdf)  Recording available within 48 hours at: Oracle Document 2877140.2 - Troubleshooting issues with TCPS Configuration/Communication on Database [Video] https://support.oracle.com/rs?type=doc&id=28771  Use Community link to ask webcast related questions https://community.oracle.com/mosc/discussion/4521454  Register for any Oracle Support Advisor Webcast or replay any session from previous month from: https://go.oracle.com/oraclesupportadvisorwebcast Copyright 2022, Oracle and/or affiliates. All rights reserved
Q & A  To ask a question use Chat  Your question will be read aloud in the order received  Questions can also be asked after the session within in My Oracle Support Communities, thread: https://community.oracle.com/mosc/discussion/4521454 Copyright 2022, Oracle and/or affiliates. All rights reserved
Thank you SrinivasaR GlobalCustomer Support, Database Security Copyright 2022, Oracle and/or affiliates. All rights reserved
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx

More Related Content

PPTX
ELBの概要と勘所
byShuji Watanabe
 
PPTX
WebRTC getStats - WebRTC Meetup Tokyo 5 LT
bymganeko
 
PDF
ブレソルでテラバイト級データのALTERを短時間で終わらせる
byKLab Inc. / Tech
 
PPTX
C# Events
byPrem Kumar Badri
 
PPTX
徳丸本に載っていないWebアプリケーションセキュリティ
byHiroshi Tokumaru
 
PPTX
SQL Server Performance Tuning Essentials
byMasaki Hirose
 
PPTX
脱RESTful API設計の提案
by樽八 仲川
 
PDF
次世代Webコンテナ Undertowについて
byYoshimasa Tanabe
 
ELBの概要と勘所
byShuji Watanabe
 
WebRTC getStats - WebRTC Meetup Tokyo 5 LT
bymganeko
 
ブレソルでテラバイト級データのALTERを短時間で終わらせる
byKLab Inc. / Tech
 
C# Events
byPrem Kumar Badri
 
徳丸本に載っていないWebアプリケーションセキュリティ
byHiroshi Tokumaru
 
SQL Server Performance Tuning Essentials
byMasaki Hirose
 
脱RESTful API設計の提案
by樽八 仲川
 
次世代Webコンテナ Undertowについて
byYoshimasa Tanabe
 

What's hot

PPTX
Ansible
byAfroz Hussain
 
PPTX
Fuse- Filesystem in User space
byDanny Tseng
 
PDF
Mvc delphi
byMarcelo Moreira Cunha
 
PDF
Using Vivox to connect your players: Text and voice comms – Unite Copenhagen ...
byUnity Technologies
 
PDF
[Pgday.Seoul 2021] 2. Porting Oracle UDF and Optimization
byPgDay.Seoul
 
PPTX
CloudFront経由でのCORS利用
byYuta Imai
 
PDF
MySQL8.0 in COSCUP2017
byShinya Sugiyama
 
PDF
Zabbixを徹底活用してみよう ~4.2の最新情報もご紹介~
byDaisuke Ikeda
 
PPTX
Introduction to Linux Kernel
byStryker King
 
PPTX
マイクロサービスに必要な技術要素はすべてSpring Cloudにある #DO07
byToshiaki Maki
 
PPT
PowerShell Functions
bymikepfeiffer
 
PDF
go generate 完全入門
byyaegashi
 
PPTX
もしWebセキュリティのエンジニアがRFC7540の「HTTP/2アプリ」をWeb診断したら
byabend_cve_9999_0001
 
PPTX
Bash Shell Scripting
byRaghu nath
 
PPTX
PostgreSQLクエリ実行の基礎知識 ~Explainを読み解こう~
byMiki Shimogai
 
PPTX
微服務架構 導入經驗分享 吳剛志 - Community Open Camp
byAndrew Wu
 
PDF
Docker Compose入門~今日から始めるComposeの初歩からswarm mode対応まで
byMasahito Zembutsu
 
PDF
[D13] Disaster Recovery環境をOracle Standard Editionでつくる by Miyuki Ohasi
byInsight Technology, Inc.
 
PPTX
Itamae-Serverspec入門
by辰徳 斎藤
 
PDF
Distributed system coordination by zookeeper and introduction to kazoo python...
byJimmy Lai
 
Ansible
byAfroz Hussain
 
Fuse- Filesystem in User space
byDanny Tseng
 
Mvc delphi
byMarcelo Moreira Cunha
 
Using Vivox to connect your players: Text and voice comms – Unite Copenhagen ...
byUnity Technologies
 
[Pgday.Seoul 2021] 2. Porting Oracle UDF and Optimization
byPgDay.Seoul
 
CloudFront経由でのCORS利用
byYuta Imai
 
MySQL8.0 in COSCUP2017
byShinya Sugiyama
 
Zabbixを徹底活用してみよう ~4.2の最新情報もご紹介~
byDaisuke Ikeda
 
Introduction to Linux Kernel
byStryker King
 
マイクロサービスに必要な技術要素はすべてSpring Cloudにある #DO07
byToshiaki Maki
 
PowerShell Functions
bymikepfeiffer
 
go generate 完全入門
byyaegashi
 
もしWebセキュリティのエンジニアがRFC7540の「HTTP/2アプリ」をWeb診断したら
byabend_cve_9999_0001
 
Bash Shell Scripting
byRaghu nath
 
PostgreSQLクエリ実行の基礎知識 ~Explainを読み解こう~
byMiki Shimogai
 
微服務架構 導入經驗分享 吳剛志 - Community Open Camp
byAndrew Wu
 
Docker Compose入門~今日から始めるComposeの初歩からswarm mode対応まで
byMasahito Zembutsu
 
[D13] Disaster Recovery環境をOracle Standard Editionでつくる by Miyuki Ohasi
byInsight Technology, Inc.
 
Itamae-Serverspec入門
by辰徳 斎藤
 
Distributed system coordination by zookeeper and introduction to kazoo python...
byJimmy Lai
 

Similar to Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx

PPTX
All you need to know about transport layer security
byMaarten Smeets
 
PDF
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
byAndrejs Vorobjovs
 
PDF
SSL certificates in the Oracle Database without surprises
byNelson Calero
 
PPTX
Vital Aspects of SSL Support in MySQL
byLesa Cote
 
PDF
SSL Everywhere!
bySimon Haslam
 
PPTX
Webservice security considerations and measures
byMaarten Smeets
 
DOCX
Transport Layer Security
bySanjeev Kumar Jaiswal
 
PPT
Introduction to Secure Sockets Layer
byNascenia IT
 
PPT
ASCC-site-report-123456430523fwje0fjewew
byDngHong855117
 
PDF
Secure PostgreSQL deployment
byCommand Prompt., Inc
 
PPT
Certificates and Web of Trust
byYousof Alsatom
 
PPT
SSL
bytheekuchi
 
ODP
Inro to Secure Sockets Layer: SSL
byDipankar Achinta
 
PDF
Ssl tls-beginners-guide
byJosephLamineDIALLO
 
DOCX
What is TLS/SSL?
byShehzad Imran
 
PDF
OOW15 - managing oracle e-business suite auditing and security
byvasuballa
 
PPTX
Secure socket layer
byBU
 
ODP
Lotusphere 2011 SHOW104
byWorkFlowStudios
 
PPTX
Ssl
byAnandraj Kulkarni
 
PDF
WebLogic in Practice: SSL Configuration
bySimon Haslam
 
All you need to know about transport layer security
byMaarten Smeets
 
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
byAndrejs Vorobjovs
 
SSL certificates in the Oracle Database without surprises
byNelson Calero
 
Vital Aspects of SSL Support in MySQL
byLesa Cote
 
SSL Everywhere!
bySimon Haslam
 
Webservice security considerations and measures
byMaarten Smeets
 
Transport Layer Security
bySanjeev Kumar Jaiswal
 
Introduction to Secure Sockets Layer
byNascenia IT
 
ASCC-site-report-123456430523fwje0fjewew
byDngHong855117
 
Secure PostgreSQL deployment
byCommand Prompt., Inc
 
Certificates and Web of Trust
byYousof Alsatom
 
SSL
bytheekuchi
 
Inro to Secure Sockets Layer: SSL
byDipankar Achinta
 
Ssl tls-beginners-guide
byJosephLamineDIALLO
 
What is TLS/SSL?
byShehzad Imran
 
OOW15 - managing oracle e-business suite auditing and security
byvasuballa
 
Secure socket layer
byBU
 
Lotusphere 2011 SHOW104
byWorkFlowStudios
 
Ssl
byAnandraj Kulkarni
 
WebLogic in Practice: SSL Configuration
bySimon Haslam
 

Recently uploaded

PPTX
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
PDF
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PPTX
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
PDF
final.pdf
byomarbishtawi04
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
PDF
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
final.pdf
byomarbishtawi04
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 

Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx

  • 2.
    ATTENTION – AUDIOOptions Advisor Webcast PDF, Recording and Community Thread:  Recording will be available within 48 hours at Advisor Webcast PDF & Recording: Oracle Support Document 2877140.2 - Troubleshooting issues with TCPS Configuration/Communication on Database [Video] https://support.oracle.com/rs?type=doc&id=287714 0.2  Use Community link for Q&A - https://community.oracle.com/mosc/discussion/xxxx  For upcoming Oracle Database Advisor Webcasts & recordings, see Doc ID 1456176.2 Option 1: Voice Streaming – Computer Audio  No need to dial in on a telephone, the Advisor Webcast can be heard through your computer speakers or an attached headset.  Questions can be asked via Chat box Option 2: Teleconference (Dial In)  Questions can be asked over phone or in the Chat box  Requires telephone to dial in  Details  Webinar ID: 944 9650 5115  US toll dial in: +1 669 900 6833  US toll dial in: +1 346 248 7799 International numbers available: https://oracle.zoom.us/u/a87POGYP Oracle Support Advisor Webcast will start at the scheduled time Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 3.
     Check outDoc ID 740966.2 for all Webcasts.  Select your product Oracle Database  Register for the session of your interest.  For upcoming Oracle Database Advisor Webcasts & archived recordings, see Doc ID 1456176.2 Upcoming Advisor Webcast Schedule Oracle Support Advisor Webcast will begin at the scheduled time Register for any Oracle Support Advisor Webcast from: https://go.oracle.com/oraclesupportadvisorwebca sts Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 4.
    Global Customer Support,Database Security July 14, 2022 SRINIVASA R Troubleshooting issues with TCPS Configuration/Communication on Database Oracle Support Advisor Webcast
  • 5.
    Proactive Resources forTools, Training and Social Channels Get ProactivePortfolio Doc ID 432.1 Learning is ongoing. Select and use learning options to meet your needs. Self-paced Live, interactive Deep-dive instruction (steps) Get Proactive Social Channels Stay informed via: My Oracle Support Community here Blogs here Examples: EBS / Database Twitter here Examples: EBS / Database Oracle Support Essentials Doc ID 553747.2 My Oracle Support How To Videos Doc ID 603505.2 Product Advisor Webcasts Doc ID 740966.1 Oracle Support Accreditations Doc ID 1583898.2 OracleSupport Training andResources Doc ID 1959163.2 High-level (concepts) Session playback Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 6.
    The following isintended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation. Safe harbor statement Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 7.
    Global Customer Support,Database Security July 14, 2022 SRINIVASA R Troubleshooting issues with TCPS Configuration/Communication on Database Oracle Support Advisor Webcast
  • 8.
    5 4 3 2 1 ORA Errors relatedto SSL adapter Troubleshooting SSL Handshake failures between DBServer and Client Validating the SSL wallets and certificates on Server and Client Validating TCPS Configuration on Database Basics of Transport Layer Security Configuration Topics Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 9.
    1 Basics ofTransport Layer Security Configuration Troubleshooting issues withTCPS Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 10.
    1.What isSSL/TLS? SSL/TLS createsan encrypted connection between server and client servers allowing for private information to be transmitted without the problems of eavesdropping, data problems of eavesdropping, data tampering, or message forgery.To enable SSL on a website, you will need to get an SSL Certificate that identifies you and install it on the server. you and install it on the server. 2.Whydo I needSSL? If you are transmitting sensitive information on a web site, such as credentials or personal information, you need to secure it with SSL encryption. It is possible for encryption. It is possible for every piece of data to be seen by others unless it is secured by an SSL certificate. 3.SSLCertificate SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. User/ServerCertificate :SSL Certificate issued to a specific server/host is termed as ServerCertificate/User certificate/Identity Certificate. Certificate. IntermediateCertificate : Intermediate certificates are used as a stand-in for our root certificate. Root Certificate: It is public key certificate that identifies the Root CertificateAuthority 4.Certificate authority (CA) A certificate authority is an entity which issues digital certificates to organizations or people after validating them. Certification authorities have to keep detailed authorities have to keep detailed records of what has been issued and the information used to issue it, and are audited regularly to make sure that they are following defined they are following defined procedures 1.Basics of Transport Layer Security Configuration Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 11.
    5.Wallet A wallet isalso a repository of security certificates and credentials.Oracle Database and OHS store certificates in wallets. We can create password-protected wallets(ewallet.p12) and corresponding autologin wallet(cwallet.sso) 6.SignatureAlgorithm The algorithm used to create the signature.Signature is to verify that it came from the issuer. It is used to sign the certificates.Signature strength is directly related to the key size, the larger the key the stronger the signature. signature. 7.Cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a that can be followed as a procedure A cipher suite is a named combination of authentication, encryption, message authentication code (MAC) and key exchange algorithms used to algorithms used to negotiate the security settings for a network connection using theTransport Layer Security (TLS) / Secure Sockets Layer (SSL) Sockets Layer (SSL) network protocol. 8.SSL Handshake The client and server establish which algorithms to use. The server sends its certificate to the client and the client verifies that the server's certificate was signed by a trusted CA. If client authentication is required, the client sends its own certificate to the server and the server verifies that the client's certificate was signed by a certificate was signed by a trustedCA. The client and server exchange key information using public key cryptography. Based on this information, each generates a session key session key Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 12.
     TLS providesauthentication, data encryption, and data integrity.  The TLS protocol is the foundation of a public key infrastructure (PKI). For authentication, TLS uses digital certificates that comply with the X.509v3 standard and a public and private key pair.  Oracle Database TLS can be used to secure communications between any client and any server. You can configure TLS to provide authentication for the server only, the client only, or both client and server. Basics of Transport Layer Security Configuration Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 13.
    1. Create theSSL Wallet(ewallet.p12 and cwallet.sso) $orapki wallet create -wallet <wallet_location> -auto_login 2. Raise Certificate Signing Request(CSR) orapki wallet add -wallet <wallet_location> -dn <user_dn> -keysize 512|1024|2048|4096 -pwd <wallet_password> Eg: orapki wallet add -wallet <wallet_location> -dn CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN -keysize 512|1024|2048|4096 -pwd <wallet_password> 3. Submit CSR to Certificate Authority(CA) to get signed SSL certificates in Base64 format orapki wallet export -wallet <wallet_location> -dn <certificate_request_dn> -request <certificate_request_filename> -pwd <wallet password> Eg: orapki wallet export -wallet <wallet_location> -dn CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN -request csr.txt -pwd <wallet password> 4.I mport trusted and user certificates to wallet orapki wallet add -wallet <wallet_location> -trusted_cert -cert <root_certificate_location> -pwd <wallet_password> orapki wallet add -wallet <wallet_location> -trusted_cert -cert <intermediate_certificate_location> -pwd <wallet_password> orapki wallet add -wallet <wallet_location> -user_cert -cert <user_certificate_location> -pwd <wallet_password> Review of SSL wallet creation and importing certificates to it Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 14.
    5. Review thewallet created for DB server $orapki wallet display -wallet /refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 6. Similarly Create a wallet on Client and import the DB trusted certificates to the Client wallet 7. After the creation of wallets,SSL/TLS is enabled on DB Step by Step Guide To Configure SSL Authentication (Doc ID 736510.1) Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 15.
    1 Validating TCPS Configurationon Database Basics of Transport Layer Security Configuration Troubleshooting issues withTCPS Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 16.
    <DB HOME>/bin>lsnrctl status<listener name> Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=hostname.domainname)(PORT=1521))) STATUS of the LISTENER ------------------------ Alias LISTENER Version TNSLSNR for Linux: Version 19.0.0.0.0 - Production Start Date 30-JUN-2022 15:01:08 Uptime 3 days 21 hr. 10 min. 27 sec Trace Level off Security ON: Local OS Authentication SNMP OFF Listener Parameter File /refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/network/admin/listener.ora Listener Log File /refresh/home/app/19.8.0.0/oracle/diag/tnslsnr/hostname/listener/alert/log.xml Listening Endpoints Summary... (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=hostname.domainname)(PORT=1521))) (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hostname.domainname)(PORT=1523))) (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521))) (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hostname.domainname)(PORT=5510))(Security=(my_wallet_directory=/refresh/home/app/19.8.0.0/oracle/product/19.8.0 .0/dbhome6/srinivasa/wallets))(Presentation=HTTP)(Session=RAW)) Services Summary... Service "orcl19800.domainname" has 1 instance(s). Instance "orcl19800", status READY, has 1 handler(s) for this service... Service "orcl19800XDB.domainname" has 1 instance(s). Instance "orcl19800", status READY, has 1 handler(s) for this service... The command completed successfully 1.Status of listener Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 17.
    2. DB Configurationfiles should have TCPS connection descriptors listener.ora ------- LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS_LIST= (ADDRESS = (PROTOCOL = TCP)(HOST = hostname.domainname)(PORT = 1521)) (ADDRESS = (PROTOCOL = TCPS)(HOST = hostname.domainname)(PORT = 1523)) (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)) ) ) ) wallet_location = (SOURCE= (METHOD=File) (METHOD_DATA= (DIRECTORY=/refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets) ) ) SSL_CLIENT_AUTHENTICATION=FALSE SSL_VERSION=1.2 Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 18.
    3.sqlnet.ora on theserver --------- wallet_location = (SOURCE= (METHOD=File) (METHOD_DATA= (DIRECTORY=/refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets) ) ) #Set the below parameter to TRUE, for users to be authenticated by Database with SSL certificates, SSL_CLIENT_AUTHENTICATION=FALSE #This parameter is recommended to force the use of TLS latest version 1.2 SSL_VERSION=1.2 #Set this parameter ON so that SSL_SERVER_CERT_DN in tnsnames.ora is effective #SSL_SERVER_DN_MATCH=ON Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 19.
    4.DB Client fileswill have Wallet and TCPS connection descriptors sqlnet.ora on the Client ----------- NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT) #Specify the wallet location with wallet_location parameter wallet_location = (SOURCE= (METHOD=File) (METHOD_DATA= (DIRECTORY=/u01/db/db12/12.2.0/srinivasa/wallets) )) #Set the below parameter to TRUE, for users to be authenticated by Database with SSL certificates, SSL_CLIENT_AUTHENTICATION=FALSE #This parameter is recommended to force the use of TLS latest version 1.2 SSL_VERSION=1.2 tnsnames.ora -------- orcl19800_SSL = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = hostname.domainname)(PORT = 1523)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl19800.domainname) )) Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 20.
    5.Connection to Databaseover TCPS $sqlplus srini/<password>@orcl19800_ssl SQL*Plus: Release 19.0.0.0.0 - Production on Mon Jul 4 16:23:05 2022 Version 19.8.0.0.0 Connected to: Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production Version 19.8.0.0.0 SQL> show user USER is "SRINI“ SQL> select sys_context('USERENV','NETWORK_PROTOCOL') from dual; SYS_CONTEXT('USERENV','NETWORK_PROTOCOL') -------------------------------------------------------------------------------- tcps Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 21.
    1 Validating the SSLwallets and certificates on Server and Client Validating TCPS Configuration on Database Basics of Transport Layer Security Configuration Troubleshooting issues withTCPS Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 22.
    The contents inthe wallet can be dumped using the command below. 1.Wallet on DB Server $export ORACLE_HOME=<DB HOME> $orapki wallet display -wallet /refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=ClientCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 2.Wallet on Client $export ORACLE_HOME=<CLIENT HOME> $orapki wallet display -wallet /u01/db/db12/12.2.0/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=client.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=ClientCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 3.Validating the SSL Wallets on Server and Client Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 23.
    1 Troubleshooting SSL Handshakefailures between DBServer and Client Validating the SSL wallets and certificates on Server and Client Validating TCPS Configuration on Database Basics of Transport Layer Security Configuration Troubleshooting issues withTCPS Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 24.
    I. Verify ifthe listener is accessible through SSL port 1.Check the listener hostname/IP and TCPS port set from the status of listener $lsnrctl status <listener name> (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hostname.domain name)(PORT=1523))) 2.Check the DB Service name is listed under Services Services Summary... Service "orcl19800.domainname" has 1 instance(s). Instance "orcl19800", status READY, has 1 handler(s) for this service... Follow the checklist below when connection to DB fails over SSL connection Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 25.
    Copyright 2021, Oracleand/or affiliates. All rights reserved 2.Run the command below to verify if the listener is able to load the certificates. The command need to return the certificates $ openssl s_client -connect dbserver.domainname:1523 CONNECTED(00000003) depth=1 C = IN, ST = KAR, L = BLR, O = ORACLE, OU = DBSEC, CN = DBServerCA verify error:num=19:self signed certificate in certificate chain --- Certificate chain 0 s:/C=IN/ST=Karnataka/L=BLR-OTP/O=ORACLE/OU=DBSEC/CN=dbserver.domainname i:/C=IN/ST=KAR/L=BLR/O=ORACLE/OU=DBSEC/CN=DBServerCA 1 s:/C=IN/ST=KAR/L=BLR/O=ORACLE/OU=DBSEC/CN=DBServerCA i:/C=IN/ST=KAR/L=BLR/O=ORACLE/OU=DBSEC/CN=DBServerCA Server certificate -----BEGIN CERTIFICATE----- MIIDQzCCAisCAhI2MA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNVBAYTAklOMQwwCgYD VQQIDANLQVIxDDAKBgNVBAcMA0JMUjEPMA0GA1UECgwGT1JBQ0xFMQ4wDAYDVQQL DAVEQlNFQzEQMA4GA1UEAwwHU1JJQ0VSVDAeFw0yMjA3MDQxNDE0NTFaFw0yMzA3 MDQxNDE0NTFaMHIxCzAJBgNVBAYTAklOMRIwEAYDVQQIEwlLYXJuYXRha2ExEDAO BgNVBAcTB0JMUi1PVFAxDzANBgNVBAoTBk9SQUNMRTEOMAwGA1UECxMFREJTRUMx HDAaBgNVBAMTE2Ric2VydmVyLmRvbWFpbm5hbWUwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQCCwQJxda+4cClkZjxvdVS+G2Zo4eBsTRSrQWkikKjwySEY DUhAr7piw3eA0AvCNYYjEnLT93+oK7FprVQz77Gg0KROBdUU/xgd173zGUyfaG8w aOjuh6BlmU08lE2RqGph7cGiQWvx0XHyaiVaviZNxpY0qP8uL5eEnyYQ0Dd5efrU 5BF5QyCtwR0F0MmpeVvQ3qvvmiYuJfqHDqXnVrsxNIEr114HMlHnEunnk7lUSfoD vX3ojCz3FjqT0OCeD3+Xwgf6HfaV4i6klyJnoQS19vBWo6LcfMUFVxl8W7QLcE5x GyPeJgBLDu04euvFYngRwWT8Ozuur2ySpstzTXhLAgMBAAEwDQYJKoZIhvcNAQEL BQADggEBAJSOJhS9A+8W/TnrMFmDU6BH1qI4XDNKJgiC6R3E4oG4GPVHL4U3is0Y
  • 26.
    3. If theoutput return error as below , then wallets are not loaded during listener startup. $ openssl s_client -connect dbserver.domainname:1523 CONNECTED(00000003) 140404937381776:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177: no peer certificate available No client certificate CA names sent SSL handshake has read 0 bytes and written 289 bytes New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1657277758 Timeout : 300 (sec) Verify return code: 0 (ok) --- Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 27.
    1.Check WALLET_LOCATION specifiedin listener.ora and validate it is correct wallet_location =(SOURCE=(METHOD=File)(METHOD_DATA=(DIRECTORY=/refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets))) 2.Check the DB User has read permissions on the wallet files 3.Dump the contents of wallet and ensure it contain user certificate and trusted certificates $orapki wallet display -wallet /refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=ClientCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 4.Dump the certificates and ensure it is valid $orapki cert display -cert user.txt Oracle PKI Tool Release 21.0.0.0.0 - Production Version 21.0.0.0.0 Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved. Subject: CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Issuer: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Valid Until: Tue Jul 04 14:14:51 GMT 2023 Solution: Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 28.
    II.Check tnsping workson TCPS port from server and client For a successful connection: $ tnsping "(ADDRESS=(PROTOCOL=tcps)(HOST=dbserver.domainname)(PORT=1523))" TNS Ping Utility for Linux: Version 19.0.0.0.0 - Production on 06-JUL-2022 21:37:53 Copyright (c) 1997, 2020, Oracle. All rights reserved. Attempting to contact (ADDRESS=(PROTOCOL=tcps)(HOST=dbserver.domainname)(PORT=1523)) OK (190 msec) In case of failure: $ tnsping "(ADDRESS=(PROTOCOL=tcps)(HOST=dbserver.domainname)(PORT=1523))" TNS Ping Utility for Linux: Version 19.0.0.0.0 - Production on 06-JUL-2022 21:37:53 Copyright (c) 1997, 2020, Oracle. All rights reserved. Attempting to contact (ADDRESS=(PROTOCOL=tcps)(HOST=dbserver.domainname)(PORT=1523)) TNS-12560: TNS:protocol adapter error Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 29.
    1.Check wallet_location insqlnet.ora on Client/server and if wallets exist in it wallet_location =(SOURCE=(METHOD=File)(METHOD_DATA=(DIRECTORY=/refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets))) 2.Check the server/client wallet and ensure the trusted certificates of DB are imported to it $orapki wallet display -wallet /u01/db/db12/12.2.0/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=client.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=ClientCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 3.If SSL_CLIENT_AUTHENTICATION=TRUE , then ensure the trusted certificates of Client are imported to DB Wallets $orapki wallet display -wallet /refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=ClientCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 4.SSL_VERSION set in server need to be supported by client(1.2, 1.1 , 1) Update SSL_VERSION in client sqlnet.ora with the same value as in Server SSL_VERSION=1.2 Solution: Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 30.
    III.Check connection toDB sqlplus username/password@orcl19800_ssl ERROR: ORA-28865: SSL connection closed Solution: 1.Check the sqlnet.ora in DB HOME for the wallet location and ensure the wallets are same as set in listener.ora 2.If SSL_CLIENT_AUTHENTICATION=TRUE , then ensure the trusted certificates of Client are imported to DB Wallets $orapki wallet display -wallet /refresh/home/app/19.8.0.0/oracle/product/19.8.0.0/dbhome6/srinivasa/wallets Requested Certificates: User Certificates: Subject: CN=dbserver.domainname,OU=DBSEC,O=ORACLE,L=BLR-OTP,ST=Karnataka,C=IN Trusted Certificates: Subject: CN=ClientCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN Subject: CN=DBServerCA,OU=DBSEC,O=ORACLE,L=BLR,ST=KAR,C=IN 3.SSL_VERSION set in server need to be supported by client(1.2, 1.1 , 1) Update SSL_VERSION in client sqlnet.ora with the same value as in Server .SSL_VERSION=1.2 Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 31.
    Enable sqlnet tracingto identify and troubleshoot the errors from the SSL layer using: Note 395525.1 How to Enable Oracle SQL*Net Client , Server , Listener , Kerberos and External procedure Tracing from Net Manager More debug details will be covered in next Webcast: Troubleshooting Tcps/SSL through Wireshark Troubleshooting SSL Handshake failures between DBServer and Client Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 32.
    1 ORA Errors thatmay occur while you use the Oracle Database SSL adapter Troubleshooting SSL Handshake failures between DBServer and Client Validating the SSL wallets and certificates on Server and Client Validating TCPS Configuration on Database Basics of Transport Layer Security Configuration Troubleshooting issues withTCPS Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 33.
    1.TNS:protocol adapter error(ORA-12560) Ensure listener is accessible through SSL port and tnsping works correctly 2.ORA-29024:Certificate Validation Failure -Check the client wallet and ensure the trusted certificates of DB are imported to it -Check that server certificate is not imported as a trusted certificate 3.ORA-29143/29106: Wallet open failed with error 29143/29106 -For versions less than 12.1.0.2.201020, apply Patch 23184013 -If cwallet.sso is created with auto_login_local and it can be used only by the user who created it. 4.ORA-28860: Fatal SSL error -There is a mismatch between SSL Protocol version or cipher suite between Client and Server. 5.ORA-28864: SSL connection closed gracefully -The certificates have been signed using MD5 hashing algorithm and after the database upgrade to 12.2 the handshake uses the TLS1.2 protocol. 6.Additional and new errors if any will be updated in MOS document below How To Investigate And Troubleshoot SSL/TLS Issues on the Database And Client SQL*Net Layer (Doc ID 2238096.1) 5.ORA Errors that may occur while you use the Oracle Database SSL adapter. Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 34.
    Step by StepGuide To Configure SSL Authentication (Doc ID 736510.1) Step by Step Guide: How to Configure SSL/TLS on ORACLE RAC (with SCAN) (Doc ID 1448841.1) SSL Troubleshooting Guide (Doc ID 166492.1) Note 395525.1 How to Enable Oracle SQL*Net Client , Server , Listener , Kerberos and External procedure Tracing from Net Manager Document Reference: Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 35.
    Locating Current Schedule& Archived Recordings Oracle Support Advisor Webcast Program  Access Advisor Webcasts information for all Oracle products from Doc ID 740966.2 or directly access upcoming and prior webcasts for Oracle Database from Doc ID 1456176.2  Under Prior Webcast Recordings tab access recordings and webcast slides (.pdf)  Recording available within 48 hours at: Oracle Document 2877140.2 - Troubleshooting issues with TCPS Configuration/Communication on Database [Video] https://support.oracle.com/rs?type=doc&id=28771  Use Community link to ask webcast related questions https://community.oracle.com/mosc/discussion/4521454  Register for any Oracle Support Advisor Webcast or replay any session from previous month from: https://go.oracle.com/oraclesupportadvisorwebcast Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 36.
    Q & A To ask a question use Chat  Your question will be read aloud in the order received  Questions can also be asked after the session within in My Oracle Support Communities, thread: https://community.oracle.com/mosc/discussion/4521454 Copyright 2022, Oracle and/or affiliates. All rights reserved
  • 37.
    Thank you SrinivasaR GlobalCustomer Support,Database Security Copyright 2022, Oracle and/or affiliates. All rights reserved

Editor's Notes

  • #2 Mandatory Slide Start with this slide 15 mins before the session.
  • #3 Mandatory Slide Share this one 10 minutes before the session. Update the KM document/ community links and Product details along with the Webinar ID and the participant phone numbers to match your webcast.
  • #4 Mandatory Slide Instructions for the HOST: Share this one 5 minutes before the session. Change the picture on the right using Snip & sketch(or equivalent tool) and order the current schedule by date with the earliest session at the top. If you have many sessions planned only show the ones coming up in the next Month. Make sure the picture is readable when showing in full slide mode [Sample text for the host to use in chat 5 mins prior to the call] [Please add the title, conference ID and teleconference details for your AW] [***** NO need to talk to this slide *****] Welcome to the Oracle Support Advisor Webcast – <Title of the Webcast>! We will begin at the scheduled time and you do not need to dial in on the phone. The webcast can be heard through your computer speakers or an attached headset. Questions can be asked via Chat and will be read out loud during the Q&A session. If for some reason you do need to dial in via phone, use teleconference details below: Webinar ID: ### ### ### US toll dial in: 1 ### ### ### <2nd Country> toll dial in: +1 ### ### ### International numbers available: https://oracle.zoom.us/u/aeCpOlt6dD [If you see people join late, at any pause (say after slide 7), The following welcome should be placed in the chat box again for awareness again (without the line-” We will begin at the scheduled time and you do not need to dial in on the phone.“), since any late attendees will not see the prior message] Welcome to the Oracle Support Advisor Webcast – <Title of the Webcast>! The webcast can be heard through your computer speakers or an attached headset. Questions can be asked via Chat and will be read out loud during the Q&A session. If for some reason you do need to dial in via phone, use teleconference details below: Webinar ID: ### ### ### US toll dial in: 1 ### ### ### <2nd Country> toll dial in: +1 ### ### ### International numbers available: https://oracle.zoom.us/u/aeCpOlt6dD
  • #5 Mandatory Slide [NEXT SLIDE] [HOST formally hands it over to presenter by saying: Now, let’s get stated with our presentation. [Presenter], if you’re ready, I’ll turn the webcast over to you and you can begin. PRESENTER starts speaking Instructions for the Host : This is not a DUPLICATE slide, it’s here and it’s got it’s purpose. This is the slide to transtion from Host to Presenter [Repeated from slide 3 - The following welcome should be placed in the chat box again for awareness again (without the line-” We will begin at the scheduled time and you do not need to dial in on the phone.“), since any late attendees will not see the prior message] Welcome to the Oracle Support Advisor Webcast – <Title of the Webcast>! The webcast can be heard through your computer speakers or an attached headset. Questions can be asked via Chat and will be read out loud during the Q&A session. If for some reason you do need to dial in via phone, use teleconference details below: Webinar ID: ### ### ### US toll dial in: 1 ### ### ### <2nd Country> toll dial in: +1 ### ### ### International numbers available: https://oracle.zoom.us/u/aeCpOlt6dD
  • #6 Mandatory Slide [Note for hosts – replace the correct social media links for your product line and remove the social media content not applicable to your product line] HOST SPEAKS: [Please see below for shorter version , if needed] ****************************************************** Before we begin our session today, this slide provides a quick overview of some of the Proactive programs available such as Oracle Support Essentials, MOS How To Video Series, Advisor Webcasts like this one, Oracle Support Accreditation and the Get Proactive Portfolio. Select from above options to meet your ongoing learning needs. Lastly, Stay Informed. Leverage our social channels like My Oracle Support Community, blogs, twitter and facebook. [Note for host -Remove any that are not applicable for your product line] You can also explore all our latest proactive tools and resources available to you to continually evolve and help you throughout your customer journey using Oracle applications and technology, from the 432.1 KM document and access the Get Proactive info graphic from Oracle.com. [Links for the host to use in chat] Proactive Portfolio - Doc 432.1 Oracle Support Essentials - Doc 553747.1 MOS How To Video Series - Doc 603505.2 Advisor Webcast Program - Doc 749066.1 Oracle Support Accreditation - Doc 1583898.2   Our social channels : My Oracle Support Community https://community.oracle.com/community/support/ Blogs - <Blog link> Twitter - <Twitter Link> Facebook - <Facebook Link> Link to Proactive Infographic on Oracle.com: http://ora.cl/5Dy8 ******************************************************************************************************************************************************* [Note for HOSTS: LONG VERSION] This slide provides a quick overview of some of the Proactive programs for Training, Tools and Social Channels, including the Get Proactive Portfolio, Oracle Support Essentials, My Oracle Support (MOS) How To Video Series, Oracle Support Product Advisor Webcasts, and Oracle Support Accreditation. <CLICK> The Proactive Portfolio Doc ID 432.1) is the main location to get started on proactive tools and resources. Some “Get Proactive” capabilities are only available for certain products, simply select your product to get started. The Oracle Support Essentials Series is recommended for new and existing customers to learn the basics about the latest My Oracle Support and Cloud Support portal functionality, understand support processes, best practices and how to leverage available proactive support resources and tools. If you miss a webcast, they are recorded and repeated. The My Oracle Support How-to Videos are designed as short (3-10 minutes), step-by-step instructional videos on support portal features. The how-to videos are arranged by the environment (cloud or on-premises), experience level (beginner or advanced), task, and role. Leverage these videos to learn basic skills, or refresh your knowledge, like how to search for answers in the knowledge base, how to access communities, how to log a service request (SR), and more. The Oracle Support Advisor Webcast program offers product-based sessions, delivered by Oracle Support experts. Hear from specialists about Oracle services, products, and technologies. Gain insight into support tools and best practices to proactively avoid business problems and optimize your use of Oracle products and cloud services. Engage in Q&A to receive answers to your specific questions. These webcasts are for both new and existing customers. Live sessions are recorded for on-demand viewing. To get started, use the dropdown menu to select a “product”. The Oracle Support Accreditation Series offers self-paced, guided learning paths with targeted resources and exams to validate your skills. Each accreditation provides easy-to-consume modules designed to grow your skills, increase expertise, save time and drive efficiency by implementing learnings. There are two levels of learning: Level 1 portals and services learning paths show you how to leverage available features, tools, and resources, and offer you time-saving best practices that you can utilize to gain efficiency and optimize your support interactions. Level 2 product-based learning paths build on the foundational knowledge from Level 1 by highlighting best practices, product-based diagnostics, and proactive support tools to increase your expertise. The content is designed around common questions, typical troubleshooting scenarios, and 'must-have' support tools. Lastly, Stay Informed. Leverage our social channels like My Oracle Support Community. Increase your productivity with access to hundreds of on-line support communities that cover topics on a wide range of technologies and applications backed by Oracle support experts. You can access the latest product and support information, and exchange knowledge with industry peers on real-world best practices, tips and tricks. [Links for the host to use in chat] Proactive Portfolio - Doc 432.1 Oracle Support Essentials - Doc 553747.1 MOS How To Video Series - Doc 603505.2 Advisor Webcast Program - Doc 749066.1 Oracle Support Accreditation - Doc 1583898.2   Our social channels : My Oracle Support Community https://community.oracle.com/community/support/ Blogs - <Blog link> Twitter - <Twitter Link> Facebook - <Facebook Link> Link to Proactive Infographic on Oracle.com: http://ora.cl/5Dy8
  • #7 Mandatory Slide [Instructions for the host – Start recording again before you begin the safe harbor slide] HOST SPEAKS: What you see on the screen now is a reminder that this Advisor Webcast is intended for information purposes only. Any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. [NEXT SLIDE] Instructions for the Host: This is a Safe Harbor Front slide, one of two Safe Harbor Statement slides included in this template. One of the Safe Harbor slides must be used if your presentation covers material affected by Oracle’s Revenue Recognition Policy To learn more about this policy, e-mail: Revrec-americasiebc_us@oracle.com For internal communication, Safe Harbor Statements are not required. However, there is an applicable disclaimer (Exhibit E) that should be used, found in the Oracle Revenue Recognition Policy for Future Product Communications. Copy and paste this link into a web browser, to find out more information.   http://my.oracle.com/site/fin/gfo/GlobalProcesses/cnt452504.pdf For all external communications such as press release, roadmaps, PowerPoint presentations, Safe Harbor Statements are required. You can refer to the link mentioned above to find out additional information/disclaimers required depending on your audience.
  • #8 Mandatory Slide [NEXT SLIDE] [HOST formally hands it over to presenter by saying: Now, let’s get stated with our presentation. [Presenter], if you’re ready, I’ll turn the webcast over to you and you can begin. PRESENTER starts speaking Instructions for the Host : This is not a DUPLICATE slide, it’s here and it’s got it’s purpose. This is the slide to transtion from Host to Presenter [Repeated from slide 3 - The following welcome should be placed in the chat box again for awareness again (without the line-” We will begin at the scheduled time and you do not need to dial in on the phone.“), since any late attendees will not see the prior message] Welcome to the Oracle Support Advisor Webcast – <Title of the Webcast>! The webcast can be heard through your computer speakers or an attached headset. Questions can be asked via Chat and will be read out loud during the Q&A session. If for some reason you do need to dial in via phone, use teleconference details below: Webinar ID: ### ### ### US toll dial in: 1 ### ### ### <2nd Country> toll dial in: +1 ### ### ### International numbers available: https://oracle.zoom.us/u/aeCpOlt6dD
  • #9 Mandatory Slide Instructions for Host and Presenter to build the slides: Use this slide to start with the first topic. When building just make a copy of this slide and update the topics. Use Key words only and avoid LONG phrases. The Topics should only be 1 short line. Complete the Topics list with an overview of the Items that will be covered during the Session. This information is similar to what Topics list was in the Advisor Webcast Proposal. What will you talk about today? Use Key words only and avoid long phrases. Topics should only be one line each. This information is similar to the topic list given in your Advisor Webcast Proposal. Some sample agendas follow: Sample from EBS: Overview Of Commitments Define Commitment Transaction Types How To Create Commitments Create And Apply Invoices, Receipts And Credits Known Issues & Useful Queries Note: Objectives slide has been removed, to keep the template simple, but prepare to start your agenda with what you would like customers to WALK away with after attending this session. Why should someone attend this session & what will they gain from it? Basically, “What’s In It For ME” from a customer perspective? What knowledge would you like customers to walk away with after attending this session? Objectives should flow naturally in response to questions such as: What will they understand, become familiar with, learn, be able to do to after the webcast that they couldn’t before?
  • #10 Instructions for Host and Presenter to build the slides: Use this slide to start with the first topic. When building just make a copy of this slide and update the topics.
  • #16 Instructions for Host and Presenter to build the slides: Use this slide to start with the first topic. When building just make a copy of this slide and update the topics.
  • #22 Instructions for Host and Presenter to build the slides: Use this slide to start with the first topic. When building just make a copy of this slide and update the topics.
  • #24 Instructions for Host and Presenter to build the slides: Use this slide to start with the first topic. When building just make a copy of this slide and update the topics.
  • #30  D
  • #33 Instructions for Host and Presenter to build the slides: Use this slide to start with the first topic. When building just make a copy of this slide and update the topics.
  • #36 Mandatory Slide HOST SPEAKS: [Thank the presenter] Thanks to _________________________ for __________ presentation. We’re going to open the Q&A in just a moment. Please use the Chat panel to ask any questions. While we pause to collect your questions, I’d like to share some information on locating Advisor webcasts and how you can access the recording from today’s session. Advisor Webcast [Updated text] primary [End Updated text] document Doc ID 740966.1 is your starting place to find out all about the Oracle’s Advisor Webcast Program for all Oracle Products. You can also directly access the <product name> Advisor Webcast Program document Doc ID <doc ID> where you will be able to see upcoming, most popular and prior webcast recordings. [New] Please note that design and user interface of the Advisor webcast index documents has slightly changed although the tabs remain the same.[End new]. For today’s webcast session and a list of all prior webcast recordings, go to the Prior Webcasts Recordings tab and then click on the Recording link. Pdf file with webcast session slides can also be downloaded from here. If you have any follow up questions on today’s webcast use the Community link. The Q&A from today’s webcast will be posted to this thread as well as responses to questions that we may not get to during the webcast. Recording for this webcast will be available within 48 hours. [Updated text] I would also like to mention that you can visit the [End updated text] Oracle support Advisor Webcast landing page where you can find a listing of all upcoming Advisor Webcasts across product lines and you can register for any webcast that may interest you. This page also provides a listing of all webcasts replay links from the past month on the In Case You Missed It tab. I have posted the link to the landing page in chat for your reference. [NEXT SLIDE] [Instructions for the host – replace screen shot with the most recent screen shot from your product line. Please ensure that the screen shot does not extend out of the slide or on the Oracle Logo ] [Reference - Sample text for hosts to use chat panel – Do not say text below out loud] [To access the recording and the pdf from today’s webcast, open <your product area> AW document <Doc ID Link> and click on Prior Webcasts tab Or access the recording and pdf directly from within the MOS document <Doc ID Link> . Recording will be made available within 48h hours. For questions from today’s session and to continue discussion use https://community.oracle.com/thread/<threadID Register for a webcast or review recordings from last 30 - 60 days from the Oracle Product Support Advisor Webcast landing page: https://go.oracle.com/oraclesupportadvisorwebcasts]
  • #37 Mandatory Slide [Instructions to the Hosts – Remember to not read out customer name from chat during Q&A. If you have audio questions and need to call out to a customer to ask their question, use customer first name only. If the customer introduces themselves with their full name and/or company name during Q&A (audio), make a note to edit and delete before posting the recording.] HOST SPEAKS: Now we’re going to open it up for questions. To ask a question, please use the Chat panel. [Instructions to the Hosts] Check to see if there are any raised hands on chat, requesting to ask an audio question. If yes, you can select Allow to Talk and Unmute the attendee, so they can ask a question. If you need to call to the attendee, please use first name only. Once questions are exhausted or time is up, the host will formally wrap up the call. As the host begins the call wrap up, advance to the Thank You slide and wait until the host closes the webcast.
  • #38 Mandatory Slide Stay on this slide until the host closes out the webcast. WRAP UP -> HOST SPEAKS: Thanks to _________________________ for __________ presentation and _________________________ for joining during the Q&A. We hope you found the webcast valuable. I will chat open for a couple more minutes. Please take a moment to share your feedback and let us know what topics you’d like to see covered in future webcasts.    Thank you to each of you for taking time out of your day to join us today.   This concludes our webcast today. Enjoy the remainder of your day! HOST WILL END THE CONFERENCE - Stay on this slide until the host closes out the webcast.
  • #39 Closing Slide