Amazon have documented this process, however this is for 11g source Oracle database only, and there are a few steps that must be adhered to in order to get this to work. Please note, there are a few changes from 10g to 11g using orapki, specifically with the auto_login command.
\nPlease set your Oracle environment so the $ORACLE_HOME is set. This document has been written for UNIX environments.<\/p>\n
Please note: Oracle 10.2.0.5 only supports SHA1 certificates.<\/strong><\/p>\n The steps as follows:<\/p>\n Step 1 – On the Oracle server, create a directory you will use to work with the self-signed certificate.<\/p>\n Step 2 – Change into the directory you created in the previous step.<\/p>\n Step 3 – Create a root key.<\/p>\n Step 4 – Self sign a root certificate using the root key you created in the previous step.<\/p>\n Step 5 – Create an Oracle wallet directory for the Oracle database.<\/p>\n Step 6 – Create a new Oracle wallet.<\/p>\n Step 7 – Add the root certificate to the Oracle wallet.<\/p>\n Step 8 – List the contents of the Oracle wallet. The list should include the root certificate.<\/p>\n Step 9 – Generate the Certificate Signing Request (CSR) using the ORAPKI utility.<\/p>\n Step 10 – List the contents of the Oracle wallet. The list should include the CSR.<\/p>\n Step 11 – Export the CSR from the Oracle wallet.<\/p>\n Step 12 – Sign the CSR using the root certificate.<\/p>\n Step 13 – Add the Client certificate to the server wallet.<\/p>\n Step 14 – List the content of the Oracle wallet.<\/p>\n Step 15 – Configure sqlnet.ora file ($ORACLE_HOME\/network\/admin\/sqlnet.ora).<\/p>\n Step 16 – Stop the Oracle listener.<\/p>\n Step 17 – Add entries for SSL in the listener.ora file $ORACLE_HOME\/network\/admin\/listener.ora.<\/p>\n Step 18 – Configure the tnsnames.ora file $ORACLE_HOME\/network\/admin\/tnsnames.ora.<\/p>\n Step 19 – Restart the Oracle listener.<\/p>\n Step 20 – Show the Oracle listener status.<\/p>\n Step 21 – Test the SSL connection to the database from localhost using sqlplus and the SSL tnsnames entry.<\/p>\n Step 22 – Verify that you successfully connected using SSL.<\/p>\n Step 23 – Change directory to the directory with the self-signed certificate.<\/p>\n Step 24 – Create a new client Oracle wallet that AWS DMS will use.<\/p>\n Step 25 – Add the self-signed root certificate to the Oracle wallet. There is no auto_login in 10.2.0.5<\/p>\n Step 26 – List the contents of the Oracle wallet that AWS DMS will use. The list should include the self-signed root certificate.<\/p>\n Step 27 – Upload the Oracle wallet you just created to AWS DMS. Note: you may have to create a new replication instance<\/p>\n","protected":false},"excerpt":{"rendered":" Amazon have documented this process, however this is for 11g source Oracle database only, and there are a few steps that must be adhered to in order to get this to work. Please note, there are a few changes from 10g to 11g using orapki, specifically with the auto_login command. Please set your Oracle environment … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[12,11,49],"class_list":["post-231","post","type-post","status-publish","format-standard","hentry","category-oracle-database","tag-aws","tag-dms","tag-mysql"],"_links":{"self":[{"href":"http:\/\/www.mrmarkyoung.com\/oracle\/wp-json\/wp\/v2\/posts\/231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.mrmarkyoung.com\/oracle\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.mrmarkyoung.com\/oracle\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.mrmarkyoung.com\/oracle\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.mrmarkyoung.com\/oracle\/wp-json\/wp\/v2\/comments?post=231"}],"version-history":[{"count":11,"href":"http:\/\/www.mrmarkyoung.com\/oracle\/wp-json\/wp\/v2\/posts\/231\/revisions"}],"predecessor-version":[{"id":242,"href":"http:\/\/www.mrmarkyoung.com\/oracle\/wp-json\/wp\/v2\/posts\/231\/revisions\/242"}],"wp:attachment":[{"href":"http:\/\/www.mrmarkyoung.com\/oracle\/wp-json\/wp\/v2\/media?parent=231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.mrmarkyoung.com\/oracle\/wp-json\/wp\/v2\/categories?post=231"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.mrmarkyoung.com\/oracle\/wp-json\/wp\/v2\/tags?post=231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}mkdir my_ssl<\/pre>\n
cd my_ssl<\/pre>\n
openssl genrsa -out self-rootCA.key 1024<\/pre>\n
openssl req -x509 -new -nodes -key self-rootCA.key -sha1 -days 1024 -out self-rootCA.pem<\/pre>\n
mkdir $ORACLE_HOME\/ora_ssl_wallet<\/pre>\n
orapki wallet create -wallet $ORACLE_HOME\/ora_ssl_wallet -pwd Welcome1 -auto_login<\/pre>\n
orapki wallet add -wallet $ORACLE_HOME\/ora_ssl_wallet -trusted_cert -cert self-rootCA.pem -pwd Welcome1<\/pre>\n
orapki wallet display -wallet $ORACLE_HOME\/ora_ssl_wallet<\/pre>\n
orapki wallet add -wallet $ORACLE_HOME\/ora_ssl_wallet -dn \"CN=MyToll, OU=GT, O=Toll, L=Melbourne, ST=Victoria, C=AU\" -keysize 1024 -pwd Welcome1<\/pre>\n
orapki wallet display -wallet $ORACLE_HOME\/ora_ssl_wallet<\/pre>\n
orapki wallet export -wallet $ORACLE_HOME\/ora_ssl_wallet -dn \"CN=MyToll, OU=GT, O=Toll, L=Melbourne, ST=Victoria, C=AU\" -request self-signed-oracle.csr -pwd Welcome1<\/pre>\n
openssl x509 -req -in self-signed-oracle.csr -CA self-rootCA.pem -CAkey self-rootCA.key -CAcreateserial -out self-signed-oracle.crt -days 365 -sha1<\/pre>\n
orapki wallet add -wallet $ORACLE_HOME\/ora_ssl_wallet -user_cert -cert self-signed-oracle.crt -pwd Welcome1<\/pre>\n
orapki wallet display -wallet $ORACLE_HOME\/ora_ssl_wallet<\/pre>\n
WALLET_LOCATION =\r\n (SOURCE =\r\n (METHOD = FILE)\r\n (METHOD_DATA = (DIRECTORY = \/app\/oracle\/10.2.0.5\/ora_ssl_wallet))\r\n )\r\n\r\nSSL_VERSION = 1.0\r\nSSL_CLIENT_AUTHENTICATION = FALSE\r\nSSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA)<\/pre>\n
lsnrctl stop<\/pre>\n
WALLET_LOCATION =\r\n (SOURCE =\r\n (METHOD = FILE)\r\n (METHOD_DATA = (DIRECTORY = \/app\/oracle\/10.2.0.5\/ora_ssl_wallet))\r\n )\r\n\r\nSID_LIST_LISTENER =\r\n (SID_LIST =\r\n (SID_DESC =\r\n (SID_NAME = PLSExtProc)\r\n (ORACLE_HOME = \/app\/oracle\/10.2.0.5)\r\n (PROGRAM = extproc)\r\n )\r\n )\r\n\r\nLISTENER =\r\n (DESCRIPTION_LIST =\r\n (DESCRIPTION =\r\n (ADDRESS = (PROTOCOL = TCP)(HOST = orahost)(PORT = 1521))\r\n (ADDRESS = (PROTOCOL = TCPS)(HOST = orahost)(PORT = 1522))\r\n (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))\r\n )\r\n )\r\n<\/pre>\n
DMS_SSL =\r\n (DESCRIPTION =\r\n (ADDRESS_LIST =\r\n (ADDRESS = (PROTOCOL = TCPS)(HOST = orahost)(PORT = 1522)))\r\n (CONNECT_DATA = (SERVICE_NAME = DATABASENAME))\r\n )<\/pre>\n
lsnrctl start<\/pre>\n
lsnrctl status<\/pre>\n
SELECT SYS_CONTEXT('USERENV', 'network_protocol') FROM DUAL;\r\n\r\n\t\tSYS_CONTEXT('USERENV','NETWORK_PROTOCOL')\r\n\t\t--------------------------------------------------------------------------------\r\n\t\ttcps<\/pre>\ncd ~\/my_ssl<\/pre>\n
orapki wallet create -wallet .\/ -auto_login<\/pre>\n
orapki wallet add -wallet .\/ -trusted_cert -cert rootCA.pem<\/pre>\n
orapki wallet display -wallet .\/<\/pre>\n