Connect to shared (PUBLIC ENDPOINT) autonomous database without a wallet (mTLS DISABLED)


Autonomous databases with a public endpoint can relax mTLS enforcement to allow connections without client-certificate authentication from legacy applications that, for several reasons, can’t use a wallet. At least one ACL must be created first, to specify which remote addresses are allowed to connect.

STEP 1: Enable at least one ACL

Click [Edit] in the Network / Access Control List section

Add IP addresses, CIDR blocks or VCNs:

STEP 2: Disable mTLS enforcement

STEP 3: Grab connection details

Add descriptor to tnsnames.ora:

xxx = (description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=adb.eu-f.......t-1.oraclecloud.com))(connect_data=(service_name=g........p.adb.o.....d.com))(security=(ssl_server_dn_match=yes)(ssl_server_cert_dn="CN=adwc.eucom-central-1.oraclecloud.com, OU=Oracle BMCS FRANKFURT, O=Oracle Corporation, L=Redwood City, ST=California, C=US")))

Connect using the service descriptor:

/sqlcl/bin/sql app1@xxx
SQLcl: Release 21.4 Production on Thu Feb 10 14:33:58 2022
Copyright (c) 1982, 2022, Oracle.  All rights reserved.
Connected to:
Oracle Database 21c Enterprise Edition Release 21.0.0.0.0 - Production
Version 21.2.0.0.0
SQL> show connection
CONNECTION:
 APP1@jdbc:oracle:thin:@xxx 
CONNECTION_IDENTIFIER:
 xxx
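
With mTLS disabled the client presents no certificate, so the client-side transport checks rest on two settings in the STEP 3 descriptor: protocol=tcps and ssl_server_dn_match=yes. The following is an added example, not part of the original post: a Python check that parses a descriptor and reports when either setting is missing. The function names and the weak descriptor are constructed for illustration.

```python
import re

# Descriptor from the page without its "xxx = " alias; host and service name
# are elided in the original post and kept as shown there.
PAGE_DESCRIPTOR = (
    '(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)'
    '(host=adb.eu-f.......t-1.oraclecloud.com))'
    '(connect_data=(service_name=g........p.adb.o.....d.com))'
    '(security=(ssl_server_dn_match=yes)(ssl_server_cert_dn='
    '"CN=adwc.eucom-central-1.oraclecloud.com, OU=Oracle BMCS FRANKFURT, '
    'O=Oracle Corporation, L=Redwood City, ST=California, C=US")))')
# Constructed counter-example: plain TCP and server DN matching switched off.
WEAK_DESCRIPTOR = ('(description=(address=(protocol=tcp)(port=1521)(host=db.example.com))'
                   '(connect_data=(service_name=svc))(security=(ssl_server_dn_match=no)))')

def parse_descriptor(text):
    """Validate nested '(key=value)' text and return its leaf (key, value) pairs in order."""
    tokens = re.findall(r'"[^"]*"|[()=]|[^()="\s][^()="]*', text) + ["", "", ""]
    pos, leaves = 0, []
    def node():
        nonlocal pos
        if tokens[pos] != "(" or tokens[pos + 2] != "=":
            raise ValueError(f"malformed parameter near token {pos}")
        key, pos = tokens[pos + 1].strip().lower(), pos + 3
        if tokens[pos] == "(":                    # nested parameters
            while tokens[pos] == "(":
                node()
        else:                                     # leaf, possibly quoted (certificate DN)
            leaves.append((key, tokens[pos].strip().strip('"')))
            pos += 1
        if tokens[pos] != ")":
            raise ValueError(f"missing ')' near token {pos}")
        pos += 1
    node()
    return leaves

def audit(descriptor):
    """Return findings for a wallet-less descriptor; an empty list means both checks pass."""
    pairs = parse_descriptor(descriptor)
    findings = []
    protocols = [v.lower() for k, v in pairs if k == "protocol"]
    if not protocols or any(p != "tcps" for p in protocols):
        findings.append("address does not use protocol=tcps")
    # Assumption: "on" and "true" are accepted as equivalents of "yes".
    if dict(pairs).get("ssl_server_dn_match", "").lower() not in ("yes", "on", "true"):
        findings.append("ssl_server_dn_match is not enabled")
    return findings
```
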

That’s all, hope it helps!!!
